GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-18 18:57:14 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB Running: jtk6i97x.exe; Driver: C:\Users\Ewa\AppData\Local\Temp\pwldapow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000049860480 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000049860470 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000049860360 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000049860490 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 00000000498603d0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000049860310 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 00000000498603a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000049860380 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 00000000498602d0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 00000000498602c0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0xffffffffd2b30790} .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000049860300 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 00000000498603b0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000049860440 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 00000000498603e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000049860220 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 00000000498604a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000049860390 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 00000000498602e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000049860340 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000049860280 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 00000000498602a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0xffffffffd2b30190} .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 00000000498603c0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0xffffffffd2b30290} .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000049860320 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000049860410 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000049860230 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 00000000498603f0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 00000000498601d0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000049860240 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 00000000498604b0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 00000000498604c0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 00000000498602f0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000049860350 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000049860290 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 00000000498602b0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000049860370 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000049860330 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000049860460 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000049860420 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000049860250 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0xffffffffd2b2f690} .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000049860260 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0xffffffffd2b2f690} .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000049860400 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 00000000498601e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000049860200 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 00000000498601f0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000049860430 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000049860450 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000049860210 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000049860270 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000000040480 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000000040470 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000000040360 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000000040490 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 00000000000403d0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000000040310 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 00000000000403a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000000040380 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 00000000000402d0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 00000000000402c0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0xffffffff89310790} .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000000040300 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 00000000000403b0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000000040440 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 00000000000403e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000000040220 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 00000000000404a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000000040390 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 00000000000402e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000000040340 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000000040280 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 00000000000402a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0xffffffff89310190} .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 00000000000403c0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0xffffffff89310290} .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000000040320 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000000040410 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000000040230 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 00000000000403f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 00000000000401d0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000000040240 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 00000000000404b0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 00000000000404c0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 00000000000402f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000000040350 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000000040290 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 00000000000402b0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000000040370 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000000040330 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000000040460 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000000040420 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000000040250 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0xffffffff8930f690} .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000000040260 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0xffffffff8930f690} .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000000040400 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 00000000000401e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000000040200 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 00000000000401f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000000040430 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000000040450 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000000040210 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000000040270 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\services.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000000040480 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000000040470 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000000040360 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000000040490 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 00000000000403d0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000000040310 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 00000000000403a0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000000040380 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 00000000000402d0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 00000000000402c0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0xffffffff89310790} .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000000040300 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 00000000000403b0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000000040440 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 00000000000403e0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000000040220 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 00000000000404a0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000000040390 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 00000000000402e0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000000040340 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000000040280 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 00000000000402a0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0xffffffff89310190} .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 00000000000403c0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0xffffffff89310290} .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000000040320 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000000040410 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000000040230 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 00000000000403f0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 00000000000401d0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000000040240 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 00000000000404b0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 00000000000404c0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 00000000000402f0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000000040350 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000000040290 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 00000000000402b0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000000040370 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000000040330 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000000040460 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000000040420 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000000040250 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0xffffffff8930f690} .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000000040260 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0xffffffff8930f690} .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000000040400 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 00000000000401e0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000000040200 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 00000000000401f0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000000040430 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000000040450 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000000040210 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000000040270 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000000070480 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000000070360 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000000070490 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000000070310 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000000070380 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 00000000000702c0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0xffffffff89340790} .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000000070220 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000000070390 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000000070340 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000000070280 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 00000000000702a0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0xffffffff89340190} .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 00000000000703c0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0xffffffff89340290} .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000000070320 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000000070240 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000000070290 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000000070420 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000000070250 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0xffffffff8933f690} .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000000070260 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0xffffffff8933f690} .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000000070430 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000000070450 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0xffffffff89340790} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0xffffffff89340190} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0xffffffff89340290} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0xffffffff8933f690} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0xffffffff8933f690} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\System32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\atieclxx.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\Explorer.EXE[1724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Program Files\Java\jre6\bin\jusched.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\taskhost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2132] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007478d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d41465 2 bytes [D4, 75] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d414bb 2 bytes [D4, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d41465 2 bytes [D4, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d414bb 2 bytes [D4, 75] .text ... * 2 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\wbem\unsecapp.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\wbem\wmiprvse.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\SearchIndexer.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\servicing\TrustedInstaller.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d2f760 5 bytes JMP 0000000076e90480 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d2f7b0 5 bytes JMP 0000000076e90470 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d2f910 5 bytes JMP 0000000076e90360 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d2f960 5 bytes JMP 0000000076e90490 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d2f970 5 bytes JMP 0000000076e903d0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d2fa20 5 bytes JMP 0000000076e90310 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d2fa50 5 bytes JMP 0000000076e903a0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d2fa70 5 bytes JMP 0000000076e90380 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d2fab0 5 bytes JMP 0000000076e902d0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d2fb30 1 byte JMP 0000000076e902c0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d2fb32 3 bytes {JMP 0x160790} .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d2fb50 5 bytes JMP 0000000076e90300 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d2fb90 5 bytes JMP 0000000076e903b0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d2fbd0 5 bytes JMP 0000000076e90440 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d2fbe0 5 bytes JMP 0000000076e903e0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d2fd40 5 bytes JMP 0000000076e90220 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d2ff00 5 bytes JMP 0000000076e904a0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d2ff30 5 bytes JMP 0000000076e90390 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d30010 5 bytes JMP 0000000076e902e0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d30020 5 bytes JMP 0000000076e90340 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d30080 5 bytes JMP 0000000076e90280 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d30110 1 byte JMP 0000000076e902a0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d30112 3 bytes {JMP 0x160190} .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d30130 1 byte JMP 0000000076e903c0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d30132 3 bytes {JMP 0x160290} .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d30140 5 bytes JMP 0000000076e90320 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d301b0 5 bytes JMP 0000000076e90410 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d301e0 5 bytes JMP 0000000076e90230 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d30380 5 bytes JMP 0000000076e903f0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d304a0 5 bytes JMP 0000000076e901d0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d30560 5 bytes JMP 0000000076e90240 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d30590 5 bytes JMP 0000000076e904b0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d305a0 5 bytes JMP 0000000076e904c0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d305d0 5 bytes JMP 0000000076e902f0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d305e0 5 bytes JMP 0000000076e90350 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d30640 5 bytes JMP 0000000076e90290 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d30690 5 bytes JMP 0000000076e902b0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d306c0 5 bytes JMP 0000000076e90370 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d306d0 5 bytes JMP 0000000076e90330 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d309c0 5 bytes JMP 0000000076e90460 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d30b20 5 bytes JMP 0000000076e90420 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d30bc0 1 byte JMP 0000000076e90250 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d30bc2 3 bytes {JMP 0x15f690} .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d30bd0 1 byte JMP 0000000076e90260 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d30bd2 3 bytes {JMP 0x15f690} .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d30be0 5 bytes JMP 0000000076e90400 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d30da0 5 bytes JMP 0000000076e901e0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d30db0 5 bytes JMP 0000000076e90200 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d30e20 5 bytes JMP 0000000076e901f0 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d30e80 5 bytes JMP 0000000076e90430 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d30e90 5 bytes JMP 0000000076e90450 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d30ea0 5 bytes JMP 0000000076e90210 .text C:\Windows\System32\WUDFHost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d30f80 5 bytes JMP 0000000076e90270 ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [364:3988] 000007fef08f23a8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27b10 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b974da Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbb16c85 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind \Device\Smb_Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\Smb_Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\Smb_Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\Smb_Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\Smb_Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\Smb_Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\Smb_Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\Smb_Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\Smb_Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\Smb_Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\Smb_Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\Smb_Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\Smb_Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\Smb_Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\Smb_Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\Smb_Tcpip6_{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\Smb_Tcpip6_{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\Smb_Tcpip6_{3E131067-7BC9-467B-A373- Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route "Smb" "Tcpip" "{D98F2250-4813-4758-9871-9B832A503D40}"?"Smb" "Tcpip" "{D4B4741B-89C2-4C79-AF96-98B70FA5676E}"?"Smb" "Tcpip" "{32F333F3-1631-466E-B6FC-7A15E0371C07}"?"Smb" "Tcpip" "{9E7CE22F-6BA1-4767-96E9-80148273B77E}"?"Smb" "Tcpip" "{DB652748-F4E5-43EA-B702-C3513769F3D4}"?"Smb" "Tcpip" "{CA34CC92-2599-464B-B82F-FB9082705712}"?"Smb" "Tcpip" "{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}"?"Smb" "Tcpip6" "{2624C68B-610E-481D-B66D-CC9F23BA3A11}"?"Smb" "Tcpip6" "{92134468-C594-4C0C-8365-4F0494B061F1}"?"Smb" "Tcpip6" "{E635B87E-3DCC-4284-8893-B259DA57DA1D}"?"Smb" "Tcpip6" "{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}"?"Smb" "Tcpip6" "{53F9A4F8-5637-4800-BAC5-7DAF884D5171}"?"Smb" "Tcpip6" "{D8FF1F42-5602-4178-8C4C-C0125B533FDB}"?"Smb" "Tcpip6" "{66BBF80F-F778-45A1-9565-9E9C33CF2E50}"?"Smb" "Tcpip6" "{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}"?"Smb" "Tcpip6" "{49C3262A-8F6D-4076-B989-B56E9D265BB8}"?"Smb" "Tcpip6" "{D8F99065-6A20-4050-AECF-E62811096EDA}"?"Smb" "Tcpip6" "{3E131067-7BC9-467B-A373-4557DC2545DE}"?"Smb" "Tcpip6" "{2053B Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export \Device\LanmanServer_Smb_Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\LanmanServer_Smb_Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\LanmanServer_Smb_Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\LanmanServer_Smb_Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\LanmanServer_Smb_Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\LanmanServer_Smb_Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\LanmanServer_Smb_Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\LanmanServer_Smb_Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\LanmanServer_Smb_Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\LanmanServer_Smb_Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\LanmanServer_Smb_Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\LanmanServer_Smb_Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\LanmanServer_Smb_Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\LanmanServer_Smb_Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\LanmanServer_Smb_Tcpip6_{C9E Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind \Device\Smb_Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\Smb_Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\Smb_Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\Smb_Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\Smb_Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\Smb_Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\Smb_Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\Smb_Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\Smb_Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\Smb_Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\Smb_Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\Smb_Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\Smb_Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\Smb_Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\Smb_Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\Smb_Tcpip6_{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\Smb_Tcpip6_{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\Smb_Tcpip6_{3E131067-7BC9-467B-A373- Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route "Smb" "Tcpip" "{D98F2250-4813-4758-9871-9B832A503D40}"?"Smb" "Tcpip" "{D4B4741B-89C2-4C79-AF96-98B70FA5676E}"?"Smb" "Tcpip" "{32F333F3-1631-466E-B6FC-7A15E0371C07}"?"Smb" "Tcpip" "{9E7CE22F-6BA1-4767-96E9-80148273B77E}"?"Smb" "Tcpip" "{DB652748-F4E5-43EA-B702-C3513769F3D4}"?"Smb" "Tcpip" "{CA34CC92-2599-464B-B82F-FB9082705712}"?"Smb" "Tcpip" "{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}"?"Smb" "Tcpip6" "{2624C68B-610E-481D-B66D-CC9F23BA3A11}"?"Smb" "Tcpip6" "{92134468-C594-4C0C-8365-4F0494B061F1}"?"Smb" "Tcpip6" "{E635B87E-3DCC-4284-8893-B259DA57DA1D}"?"Smb" "Tcpip6" "{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}"?"Smb" "Tcpip6" "{53F9A4F8-5637-4800-BAC5-7DAF884D5171}"?"Smb" "Tcpip6" "{D8FF1F42-5602-4178-8C4C-C0125B533FDB}"?"Smb" "Tcpip6" "{66BBF80F-F778-45A1-9565-9E9C33CF2E50}"?"Smb" "Tcpip6" "{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}"?"Smb" "Tcpip6" "{49C3262A-8F6D-4076-B989-B56E9D265BB8}"?"Smb" "Tcpip6" "{D8F99065-6A20-4050-AECF-E62811096EDA}"?"Smb" "Tcpip6" "{3E131067-7BC9-467B-A373-4557DC2545DE}"?"Smb" "Tcpip6" "{2053B Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_Smb_Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\LanmanWorkstation_Smb_Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\LanmanWorkstation_Smb_Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\LanmanWorkstation_Smb_Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\LanmanWorkstation_Smb_Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\LanmanWorkstation_Smb_Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\LanmanWorkstation_Smb_Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\LanmanWorkstation_Smb_Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\LanmanWorkstation_Smb_Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\LanmanWorkstation_Smb_Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\LanmanWorkstation_Smb_Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\LanmanWorkstation_Smb_Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\LanmanWorkstation_Smb_Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\LanmanWorkstation_Smb_Tcpip6_{66BB Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind \Device\NetBT_Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\NetBT_Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\NetBT_Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\NetBT_Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\NetBT_Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\NetBT_Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\NetBT_Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\NetBT_Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\NetBT_Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\NetBT_Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\NetBT_Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\NetBT_Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\NetBT_Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\NetBT_Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\NetBT_Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\NetBT_Tcpip6_{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\NetBT_Tcpip6_{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\Ne Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route "NetBT" "Tcpip" "{D98F2250-4813-4758-9871-9B832A503D40}"?"NetBT" "Tcpip" "{D4B4741B-89C2-4C79-AF96-98B70FA5676E}"?"NetBT" "Tcpip" "{32F333F3-1631-466E-B6FC-7A15E0371C07}"?"NetBT" "Tcpip" "{9E7CE22F-6BA1-4767-96E9-80148273B77E}"?"NetBT" "Tcpip" "{DB652748-F4E5-43EA-B702-C3513769F3D4}"?"NetBT" "Tcpip" "{CA34CC92-2599-464B-B82F-FB9082705712}"?"NetBT" "Tcpip" "{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}"?"NetBT" "Tcpip6" "{2624C68B-610E-481D-B66D-CC9F23BA3A11}"?"NetBT" "Tcpip6" "{92134468-C594-4C0C-8365-4F0494B061F1}"?"NetBT" "Tcpip6" "{E635B87E-3DCC-4284-8893-B259DA57DA1D}"?"NetBT" "Tcpip6" "{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}"?"NetBT" "Tcpip6" "{53F9A4F8-5637-4800-BAC5-7DAF884D5171}"?"NetBT" "Tcpip6" "{D8FF1F42-5602-4178-8C4C-C0125B533FDB}"?"NetBT" "Tcpip6" "{66BBF80F-F778-45A1-9565-9E9C33CF2E50}"?"NetBT" "Tcpip6" "{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}"?"NetBT" "Tcpip6" "{49C3262A-8F6D-4076-B989-B56E9D265BB8}"?"NetBT" "Tcpip6" "{D8F99065-6A20-4050-AECF-E62811096EDA}"?"NetBT" "Tcpip6" "{3E131067-7BC9-467B-A373-4 Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\NetBIOS_NetBT_Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\NetBIOS_NetBT_Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\NetBIOS_NetBT_Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\NetBIOS_NetBT_Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\NetBIOS_NetBT_Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\NetBIOS_NetBT_Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\NetBIOS_NetBT_Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\NetBIOS_NetBT_Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\NetBIOS_NetBT_Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\NetBIOS_NetBT_Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\NetBIOS_NetBT_Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\NetBIOS_NetBT_Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\NetBIOS_NetBT_Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\NetBIOS_NetBT_Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\Ne Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind \Device\Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\Tcpip6_{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\Tcpip6_{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\Tcpip6_{3E131067-7BC9-467B-A373-4557DC2545DE}?\Device\Tcpip6_{2053B308-ED58-4247-A26E-488216489595}?\Dev Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route "Tcpip" "{D98F2250-4813-4758-9871-9B832A503D40}"?"Tcpip" "{D4B4741B-89C2-4C79-AF96-98B70FA5676E}"?"Tcpip" "{32F333F3-1631-466E-B6FC-7A15E0371C07}"?"Tcpip" "{9E7CE22F-6BA1-4767-96E9-80148273B77E}"?"Tcpip" "{DB652748-F4E5-43EA-B702-C3513769F3D4}"?"Tcpip" "{CA34CC92-2599-464B-B82F-FB9082705712}"?"Tcpip" "{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}"?"Tcpip6" "{2624C68B-610E-481D-B66D-CC9F23BA3A11}"?"Tcpip6" "{92134468-C594-4C0C-8365-4F0494B061F1}"?"Tcpip6" "{E635B87E-3DCC-4284-8893-B259DA57DA1D}"?"Tcpip6" "{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}"?"Tcpip6" "{53F9A4F8-5637-4800-BAC5-7DAF884D5171}"?"Tcpip6" "{D8FF1F42-5602-4178-8C4C-C0125B533FDB}"?"Tcpip6" "{66BBF80F-F778-45A1-9565-9E9C33CF2E50}"?"Tcpip6" "{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}"?"Tcpip6" "{49C3262A-8F6D-4076-B989-B56E9D265BB8}"?"Tcpip6" "{D8F99065-6A20-4050-AECF-E62811096EDA}"?"Tcpip6" "{3E131067-7BC9-467B-A373-4557DC2545DE}"?"Tcpip6" "{2053B308-ED58-4247-A26E-488216489595}"?"Tcpip6" "{0A7EE80F-3808-4952-B70D-C4C060178851}"?"Tcpip6" "{B2EEE57C-CDC6-4E11- Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export \Device\NetBT_Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\NetBT_Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\NetBT_Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\NetBT_Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\NetBT_Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\NetBT_Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\NetBT_Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\NetBT_Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\NetBT_Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\NetBT_Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\NetBT_Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\NetBT_Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\NetBT_Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\NetBT_Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\NetBT_Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\NetBT_Tcpip6_{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\NetBT_Tcpip6_{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\Ne Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind \Device\Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\Tcpip6_{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\Tcpip6_{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\Tcpip6_{3E131067-7BC9-467B-A373-4557DC2545DE}?\Device\Tcpip6_{2053B308-ED58-4247-A26E-488216489595}?\Dev Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route "Tcpip" "{D98F2250-4813-4758-9871-9B832A503D40}"?"Tcpip" "{D4B4741B-89C2-4C79-AF96-98B70FA5676E}"?"Tcpip" "{32F333F3-1631-466E-B6FC-7A15E0371C07}"?"Tcpip" "{9E7CE22F-6BA1-4767-96E9-80148273B77E}"?"Tcpip" "{DB652748-F4E5-43EA-B702-C3513769F3D4}"?"Tcpip" "{CA34CC92-2599-464B-B82F-FB9082705712}"?"Tcpip" "{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}"?"Tcpip6" "{2624C68B-610E-481D-B66D-CC9F23BA3A11}"?"Tcpip6" "{92134468-C594-4C0C-8365-4F0494B061F1}"?"Tcpip6" "{E635B87E-3DCC-4284-8893-B259DA57DA1D}"?"Tcpip6" "{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}"?"Tcpip6" "{53F9A4F8-5637-4800-BAC5-7DAF884D5171}"?"Tcpip6" "{D8FF1F42-5602-4178-8C4C-C0125B533FDB}"?"Tcpip6" "{66BBF80F-F778-45A1-9565-9E9C33CF2E50}"?"Tcpip6" "{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}"?"Tcpip6" "{49C3262A-8F6D-4076-B989-B56E9D265BB8}"?"Tcpip6" "{D8F99065-6A20-4050-AECF-E62811096EDA}"?"Tcpip6" "{3E131067-7BC9-467B-A373-4557DC2545DE}"?"Tcpip6" "{2053B308-ED58-4247-A26E-488216489595}"?"Tcpip6" "{0A7EE80F-3808-4952-B70D-C4C060178851}"?"Tcpip6" "{B2EEE57C-CDC6-4E11- Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export \Device\Smb_Tcpip_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\Smb_Tcpip_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\Smb_Tcpip_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\Smb_Tcpip_{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\Smb_Tcpip_{DB652748-F4E5-43EA-B702-C3513769F3D4}?\Device\Smb_Tcpip_{CA34CC92-2599-464B-B82F-FB9082705712}?\Device\Smb_Tcpip_{33E16AA4-7666-4C96-A7FD-CC130D4C0D78}?\Device\Smb_Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\Smb_Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\Smb_Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\Smb_Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\Smb_Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\Smb_Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\Smb_Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\Smb_Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\Smb_Tcpip6_{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\Smb_Tcpip6_{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\Smb_Tcpip6_{3E131067-7BC9-467B-A373- Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind \Device\{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\{3E131067-7BC9-467B-A373-4557DC2545DE}?\Device\{2053B308-ED58-4247-A26E-488216489595}?\Device\{0A7EE80F-3808-4952-B70D-C4C060178851}?\Device\{B2EEE57C-CDC6-4E11-A875-B3581B7FE60F}?\Device\{D98F2250-4813-4758-9871-9B832A503D40}?\Device\{96B3EC9A-02F0-46FC-9D61-0DA55ECC6A38}?\Device\{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\{B11296F3-97CF-4125-A18D-BBF9E83220FE}?\Device\{7463E9F4-4CB3-43DB-9B6B-1FE85AC1D31C}?\Device\{9E7CE22F-6BA1-4767-96E9-80148273B77E}?\Device\{83D8F60C-12B1-43AA-8EA3-5E4 Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route "{2624C68B-610E-481D-B66D-CC9F23BA3A11}"?"{92134468-C594-4C0C-8365-4F0494B061F1}"?"{E635B87E-3DCC-4284-8893-B259DA57DA1D}"?"{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}"?"{53F9A4F8-5637-4800-BAC5-7DAF884D5171}"?"{D8FF1F42-5602-4178-8C4C-C0125B533FDB}"?"{66BBF80F-F778-45A1-9565-9E9C33CF2E50}"?"{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}"?"{49C3262A-8F6D-4076-B989-B56E9D265BB8}"?"{D8F99065-6A20-4050-AECF-E62811096EDA}"?"{3E131067-7BC9-467B-A373-4557DC2545DE}"?"{2053B308-ED58-4247-A26E-488216489595}"?"{0A7EE80F-3808-4952-B70D-C4C060178851}"?"{B2EEE57C-CDC6-4E11-A875-B3581B7FE60F}"?"{D98F2250-4813-4758-9871-9B832A503D40}"?"{96B3EC9A-02F0-46FC-9D61-0DA55ECC6A38}"?"{D4B4741B-89C2-4C79-AF96-98B70FA5676E}"?"{32F333F3-1631-466E-B6FC-7A15E0371C07}"?"{B11296F3-97CF-4125-A18D-BBF9E83220FE}"?"{7463E9F4-4CB3-43DB-9B6B-1FE85AC1D31C}"?"{9E7CE22F-6BA1-4767-96E9-80148273B77E}"?"{83D8F60C-12B1-43AA-8EA3-5E44886CEF0E}"?"{3F356AE9-A403-4628-A79F-B9B40C295D59}"?"{554A20C4-EF6E-4DEE-A3B0-FBE2BCBF16D2}"?"{D123945A-2F0C-4F0B-AC76-E74F7A04C161} Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export \Device\Tcpip6_{2624C68B-610E-481D-B66D-CC9F23BA3A11}?\Device\Tcpip6_{92134468-C594-4C0C-8365-4F0494B061F1}?\Device\Tcpip6_{E635B87E-3DCC-4284-8893-B259DA57DA1D}?\Device\Tcpip6_{37CD0D1F-6593-48EA-AD1F-E307C7F45CB8}?\Device\Tcpip6_{53F9A4F8-5637-4800-BAC5-7DAF884D5171}?\Device\Tcpip6_{D8FF1F42-5602-4178-8C4C-C0125B533FDB}?\Device\Tcpip6_{66BBF80F-F778-45A1-9565-9E9C33CF2E50}?\Device\Tcpip6_{C9E50340-D4A4-4B4D-8DA5-3622B681F4D7}?\Device\Tcpip6_{49C3262A-8F6D-4076-B989-B56E9D265BB8}?\Device\Tcpip6_{D8F99065-6A20-4050-AECF-E62811096EDA}?\Device\Tcpip6_{3E131067-7BC9-467B-A373-4557DC2545DE}?\Device\Tcpip6_{2053B308-ED58-4247-A26E-488216489595}?\Device\Tcpip6_{0A7EE80F-3808-4952-B70D-C4C060178851}?\Device\Tcpip6_{B2EEE57C-CDC6-4E11-A875-B3581B7FE60F}?\Device\Tcpip6_{D98F2250-4813-4758-9871-9B832A503D40}?\Device\Tcpip6_{96B3EC9A-02F0-46FC-9D61-0DA55ECC6A38}?\Device\Tcpip6_{D4B4741B-89C2-4C79-AF96-98B70FA5676E}?\Device\Tcpip6_{32F333F3-1631-466E-B6FC-7A15E0371C07}?\Device\Tcpip6_{B11296F3-97CF-4125-A18D-BBF9E83220F Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27b10 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b974da (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbb16c85 (not active ControlSet) ---- EOF - GMER 2.2 ----