GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-05 00:02:33 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEKT-60V5T1 rev.12.01A12 298,09GB Running: gmer.exe; Driver: C:\Users\abc\AppData\Local\Temp\ugtoaaod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000149b00440 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000149b00430 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000149b00450 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffffd245ee90} .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 0000000149b003b0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000149b00320 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000149b00380 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 0000000149b002e0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000149b00410 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 0000000149b002d0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000149b00310 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000149b00390 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 0000000149b003c0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000149b00230 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffffd245e890} .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000149b00460 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000149b00370 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 0000000149b002f0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000149b00350 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000149b00290 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 0000000149b002b0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 0000000149b003a0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000149b00330 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffffd245e590} .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 0000000149b003e0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000149b00240 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 0000000149b001e0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000149b00250 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffffd245e090} .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000149b00470 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000149b00480 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000149b00300 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000149b00360 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 0000000149b002a0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 0000000149b002c0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000149b00340 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000149b00420 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000149b00260 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000149b00270 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 0000000149b003d0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffffd245db90} .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 0000000149b001f0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000149b00210 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000149b00200 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 0000000149b003f0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000149b00400 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000149b00220 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000149b00280 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000149b00440 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000149b00430 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000149b00450 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffffd245ee90} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 0000000149b003b0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000149b00320 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000149b00380 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 0000000149b002e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000149b00410 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 0000000149b002d0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000149b00310 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000149b00390 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 0000000149b003c0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000149b00230 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffffd245e890} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000149b00460 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000149b00370 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 0000000149b002f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000149b00350 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000149b00290 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 0000000149b002b0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 0000000149b003a0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000149b00330 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffffd245e590} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 0000000149b003e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000149b00240 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 0000000149b001e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000149b00250 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffffd245e090} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000149b00470 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000149b00480 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000149b00300 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000149b00360 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 0000000149b002a0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 0000000149b002c0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000149b00340 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000149b00420 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000149b00260 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000149b00270 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 0000000149b003d0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffffd245db90} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 0000000149b001f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000149b00210 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000149b00200 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 0000000149b003f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000149b00400 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000149b00220 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000149b00280 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000100070450 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffff889cee90} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffff889ce890} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffff889ce590} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffff889ce090} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000001000703d0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffff889cdb90} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffff889cee90} .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffff889ce890} .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffff889ce590} .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffff889ce090} .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffff889cdb90} .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffff889cee90} .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffff889ce890} .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffff889ce590} .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffff889ce090} .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffff889cdb90} .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000100040430 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000100040450 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffff8899ee90} .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000100040320 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000100040410 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000100040310 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000100040390 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000100040230 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffff8899e890} .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000100040460 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000100040370 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000100040350 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000100040290 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000100040330 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffff8899e590} .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000100040240 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000100040250 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffff8899e090} .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000100040470 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000100040480 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000100040300 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000100040360 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000100040340 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000100040420 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000100040260 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000100040270 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000001000403d0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffff8899db90} .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000100040210 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000100040200 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000100040220 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000100040280 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\atieclxx.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\vcsFPService.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076901465 2 bytes [90, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769014bb 2 bytes [90, 76] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\taskhost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\Explorer.EXE[2748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\System32\rundll32.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\Dwm.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000100070450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffff889cee90} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000100070230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffff889ce890} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000100070330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffff889ce590} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000100070250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffff889ce090} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000001000703d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffff889cdb90} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000100070280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\SysWOW64\RunDll32.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076901465 2 bytes [90, 76] .text C:\Windows\SysWOW64\RunDll32.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769014bb 2 bytes [90, 76] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\SearchIndexer.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffff889cee90} .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffff889ce890} .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffff889ce590} .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffff889ce090} .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffff889cdb90} .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000100070280 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000100070430 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000100070450 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0xffffffff889cee90} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000001000703b0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000100070320 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000100070380 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000001000702e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000100070410 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000001000702d0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000100070310 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000100070390 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000001000703c0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000100070230 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0xffffffff889ce890} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000100070460 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000100070370 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000001000702f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000100070350 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000100070290 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000001000702b0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000001000703a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000100070330 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0xffffffff889ce590} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000001000703e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000100070240 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000001000701e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000100070250 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0xffffffff889ce090} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000100070470 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000100070480 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000100070300 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000100070360 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000001000702a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000001000702c0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000100070340 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000100070420 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000100070260 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000100070270 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000001000703d0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0xffffffff889cdb90} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000001000701f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000100070210 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000100070200 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000100070400 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000100070220 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\System32\svchost.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\wbem\wmiprvse.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776a13c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776a1410 5 bytes JMP 0000000077800430 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a15c0 1 byte JMP 0000000077800450 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000776a15c2 3 bytes {JMP 0x15ee90} .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a15d0 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a1680 5 bytes JMP 0000000077800320 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a16b0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a1710 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776a1760 5 bytes JMP 0000000077800410 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a1790 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a17b0 5 bytes JMP 0000000077800310 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a17f0 5 bytes JMP 0000000077800390 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a1840 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a19a0 1 byte JMP 0000000077800230 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000776a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a1b60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a1b90 5 bytes JMP 0000000077800370 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a1c70 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a1c80 5 bytes JMP 0000000077800350 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a1ce0 5 bytes JMP 0000000077800290 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a1d70 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a1d90 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a1da0 1 byte JMP 0000000077800330 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000776a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a1e10 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a1e40 5 bytes JMP 0000000077800240 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a2100 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a21c0 1 byte JMP 0000000077800250 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000776a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a21f0 5 bytes JMP 0000000077800470 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a2200 5 bytes JMP 0000000077800480 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a2230 5 bytes JMP 0000000077800300 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a2240 5 bytes JMP 0000000077800360 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a22a0 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a22f0 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a2330 5 bytes JMP 0000000077800340 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a2620 5 bytes JMP 0000000077800420 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a2820 5 bytes JMP 0000000077800260 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a2830 5 bytes JMP 0000000077800270 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a2840 1 byte JMP 00000000778003d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000776a2842 3 bytes {JMP 0x15db90} .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a2a00 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a2a10 5 bytes JMP 0000000077800210 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a2a80 5 bytes JMP 0000000077800200 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a2ae0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a2af0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a2b00 5 bytes JMP 0000000077800220 .text C:\Windows\system32\wbem\wmiprvse.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a2be0 5 bytes JMP 0000000077800280 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713df6d3f Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713df6d3f@d0dfc7a12693 0x04 0x66 0x6F 0x9C ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713df6d3f@3efca58d35b0 0xF6 0x3A 0xF9 0x07 ... Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 8180 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 4831 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9D40D3E3-FB21-4641-B058-6692A2D7ADBC}@LeaseObtainedTime 1362436533 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9D40D3E3-FB21-4641-B058-6692A2D7ADBC}@T1 1362479733 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9D40D3E3-FB21-4641-B058-6692A2D7ADBC}@T2 1362512133 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9D40D3E3-FB21-4641-B058-6692A2D7ADBC}@LeaseTerminatesTime 1362522933 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713df6d3f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713df6d3f@d0dfc7a12693 0x04 0x66 0x6F 0x9C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713df6d3f@3efca58d35b0 0xF6 0x3A 0xF9 0x07 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Users\abc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IXHYS39\talk_aqq_eu[1].htm 1493 bytes File C:\Users\abc\AppData\Roaming\Microsoft\Windows\Cookies\65JNA5FM.txt 353 bytes ---- EOF - GMER 2.1 ----