GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-04 22:40:49 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698,64GB Running: djhdzzcg.exe; Driver: C:\Users\Marta\AppData\Local\Temp\fwddikog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003bb4000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80003bb402e 19 bytes [CE, 01, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000149830460 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000149830450 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000149830370 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000149830470 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 00000001498303e0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000149830320 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 00000001498303b0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000149830390 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 00000001498302e0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 00000001498302d0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000149830310 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 00000001498303c0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 00000001498303f0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000149830230 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000149830480 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 00000001498303a0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 00000001498302f0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000149830350 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000149830290 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 00000001498302b0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 00000001498303d0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000149830330 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000149830410 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000149830240 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 00000001498301e0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000149830250 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000149830490 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 00000001498304a0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000149830300 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000149830360 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 00000001498302a0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 00000001498302c0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000149830380 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000149830340 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000149830440 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000149830260 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000149830270 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000149830400 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 00000001498301f0 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000149830210 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000149830200 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000149830420 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000149830430 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000149830220 .text C:\windows\system32\csrss.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000149830280 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\wininit.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000149830460 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000149830450 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000149830370 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000149830470 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 00000001498303e0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000149830320 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 00000001498303b0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000149830390 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 00000001498302e0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 00000001498302d0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000149830310 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 00000001498303c0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 00000001498303f0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000149830230 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000149830480 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 00000001498303a0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 00000001498302f0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000149830350 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000149830290 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 00000001498302b0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 00000001498303d0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000149830330 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000149830410 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000149830240 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 00000001498301e0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000149830250 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000149830490 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 00000001498304a0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000149830300 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000149830360 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 00000001498302a0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 00000001498302c0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000149830380 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000149830340 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000149830440 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000149830260 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000149830270 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000149830400 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 00000001498301f0 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000149830210 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000149830200 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000149830420 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000149830430 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000149830220 .text C:\windows\system32\csrss.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000149830280 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\services.exe[660] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000100070460 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000100070450 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000100070370 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000100070470 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 00000001000703e0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000100070320 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000100070390 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000100070310 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 00000001000703c0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000100070230 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000100070480 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 00000001000703d0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000100070410 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000100070250 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000100070490 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000100070440 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000100070420 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000100070430 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000100070460 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000100070450 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000100070370 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000100070470 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 00000001000703e0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000100070320 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000100070390 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000100070310 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 00000001000703c0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000100070230 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000100070480 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 00000001000703d0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000100070410 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000100070250 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000100070490 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000100070440 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000100070420 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000100070430 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\winlogon.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\nvvsvc.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\svchost.exe[972] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\System32\svchost.exe[424] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\System32\svchost.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[1032] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\svchost.exe[1216] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\nvvsvc.exe[1344] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\WLANExt.exe[1572] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\Dwm.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\Explorer.EXE[1624] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000100070460 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000100070450 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000100070370 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000100070470 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 00000001000703e0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000100070320 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 00000001000703b0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000100070390 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 00000001000702d0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000100070310 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 00000001000703c0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 00000001000703f0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000100070230 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000100070480 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 00000001000703a0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 00000001000702f0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000100070350 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000100070290 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 00000001000702b0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 00000001000703d0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000100070330 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000100070410 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000100070240 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000100070250 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000100070490 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 00000001000704a0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000100070300 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000100070360 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 00000001000702a0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 00000001000702c0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000100070380 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000100070340 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000100070440 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000100070400 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000100070200 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000100070420 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000100070430 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000100070220 .text C:\windows\System32\spoolsv.exe[1864] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\taskhost.exe[1940] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\taskhost.exe[1940] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9200b8 .text C:\windows\system32\taskhost.exe[1940] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd920038 .text C:\windows\system32\taskhost.exe[1940] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd920138 .text C:\windows\system32\taskhost.exe[1940] C:\windows\system32\WINMM.dll!waveOutReset 000007fefc0aa38c 5 bytes JMP 000007fefd9202b8 .text C:\windows\system32\taskhost.exe[1940] C:\windows\system32\WINMM.dll!waveOutPause 000007fefc0c4b60 5 bytes JMP 000007fefd920238 .text C:\windows\system32\taskhost.exe[1940] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefc0c4ba0 5 bytes JMP 000007fefd9201b8 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\svchost.exe[1980] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2340] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2140] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\wbem\wmiprvse.exe[1780] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 757bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000076031419 2 bytes JMP 757bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000076031431 2 bytes JMP 75838ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetModuleInformation + 42 000000007603144a 2 bytes CALL 757948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 758387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 75838978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 75838698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 75838a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 757afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000076031555 2 bytes JMP 757b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 75838f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 75838ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7583865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 757afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 757bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000760316b2 2 bytes JMP 75838e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3500] C:\windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000760316bd 2 bytes JMP 758385f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\taskeng.exe[3200] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\svchost.exe[2196] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Windows\System32\igfxtray.exe[3580] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Windows\System32\hkcmd.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Windows\System32\igfxpers.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9200b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd920038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\system32\WINMM.dll!waveOutReset 000007fefc0aa38c 5 bytes JMP 000007fefd9202b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\system32\WINMM.dll!waveOutPause 000007fefc0c4b60 5 bytes JMP 000007fefd920238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefc0c4ba0 5 bytes JMP 000007fefd9201b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd920138 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9100b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd910038 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\system32\WINMM.dll!waveOutReset 000007fefc0aa38c 5 bytes JMP 000007fefd9102b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\system32\WINMM.dll!waveOutPause 000007fefc0c4b60 5 bytes JMP 000007fefd910238 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefc0c4ba0 5 bytes JMP 000007fefd9101b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[940] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd910138 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4160] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\SearchIndexer.exe[4176] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9300b8 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd930038 .text C:\windows\system32\wbem\unsecapp.exe[4540] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd930138 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9300b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4912] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd930038 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\System32\svchost.exe[5004] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9200b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd920038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\system32\WINMM.dll!waveOutReset 000007fefc0aa38c 5 bytes JMP 000007fefd9202b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\system32\WINMM.dll!waveOutPause 000007fefc0c4b60 5 bytes JMP 000007fefd920238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefc0c4ba0 5 bytes JMP 000007fefd9201b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1468] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd920138 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9100b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd910038 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd910138 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\system32\ddraw.dll!DirectDrawCreate 000007fef49f815c 4 bytes JMP 000007fefd9101b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4288] C:\windows\system32\ddraw.dll!DirectDrawCreateEx 000007fef49f8968 4 bytes JMP 000007fefd910238 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\kernel32.dll!CreateFileW 0000000075793f1c 3 bytes JMP 000000016b049f80 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\kernel32.dll!CreateFileW + 4 0000000075793f20 1 byte [F5] .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000757948db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000757948f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075794925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\USER32.dll!SetWindowPos 0000000077858e4e 5 bytes JMP 000000016b049520 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\USER32.dll!ShowWindow 0000000077860dfb 5 bytes JMP 000000016b049300 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\USER32.dll!SetFocus 0000000077862175 5 bytes JMP 000000016b049410 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\USER32.dll!SetActiveWindow 0000000077863208 5 bytes JMP 000000016b049630 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\USER32.dll!BringWindowToTop 0000000077867b3b 5 bytes JMP 000000016b049030 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\USER32.dll!SetForegroundWindow 000000007787f170 5 bytes JMP 000000016b048f20 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\USER32.dll!SwitchToThisWindow 00000000778990fc 5 bytes JMP 000000016b049140 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\USER32.dll!ShowWindowAsync 00000000778b7d97 5 bytes JMP 000000016b0491f0 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000762d9d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\ole32.dll!DoDragDrop 000000007639a827 5 bytes JMP 000000016b048e30 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 757bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076031419 2 bytes JMP 757bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076031431 2 bytes JMP 75838ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007603144a 2 bytes CALL 757948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 758387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 75838978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 75838698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 75838a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 757afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076031555 2 bytes JMP 757b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 75838f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 75838ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7583865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 757afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 757bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760316b2 2 bytes JMP 75838e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760316bd 2 bytes JMP 758385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9300b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd930038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd930138 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\system32\WINMM.dll!waveOutReset 000007fefc0aa38c 5 bytes JMP 000007fefd9302b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\system32\WINMM.dll!waveOutPause 000007fefc0c4b60 5 bytes JMP 000007fefd930238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3568] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefc0c4ba0 5 bytes JMP 000007fefd9301b8 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000757948db 5 bytes JMP 0000000100342710 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000757948f3 5 bytes JMP 00000001003427f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075794925 5 bytes JMP 0000000100342780 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 757bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076031419 2 bytes JMP 757bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076031431 2 bytes JMP 75838ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007603144a 2 bytes CALL 757948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 758387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 75838978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 75838698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 75838a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 757afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076031555 2 bytes JMP 757b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 75838f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 75838ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7583865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 757afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 757bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760316b2 2 bytes JMP 75838e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760316bd 2 bytes JMP 758385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4808] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000762d9d0b 5 bytes JMP 0000000100342850 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4804] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075798791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000757948db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000757948f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075794925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000762d9d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 757bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076031419 2 bytes JMP 757bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076031431 2 bytes JMP 75838ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007603144a 2 bytes CALL 757948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 758387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 75838978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 75838698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 75838a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 757afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076031555 2 bytes JMP 757b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 75838f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 75838ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7583865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 757afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 757bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760316b2 2 bytes JMP 75838e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3340] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760316bd 2 bytes JMP 758385f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\DllHost.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\wbem\wmiprvse.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 757bb21b C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076031419 2 bytes JMP 757bb346 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076031431 2 bytes JMP 75838ea9 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007603144a 2 bytes CALL 757948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 758387a2 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 75838978 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 75838698 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 75838a62 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 757afca8 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076031555 2 bytes JMP 757b68ef C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 75838f61 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 75838ac2 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7583865c C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 757afd41 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 757bb2dc C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760316b2 2 bytes JMP 75838e24 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[5148] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760316bd 2 bytes JMP 758385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9300b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd930038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd930138 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\system32\WINMM.dll!waveOutReset 000007fefc0aa38c 5 bytes JMP 000007fefd9302b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\system32\WINMM.dll!waveOutPause 000007fefc0c4b60 5 bytes JMP 000007fefd930238 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5160] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefc0c4ba0 5 bytes JMP 000007fefd9301b8 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5392] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000757948db 5 bytes JMP 0000000110002710 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5392] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000757948f3 5 bytes JMP 00000001100027f0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5392] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075794925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 757bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076031419 2 bytes JMP 757bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076031431 2 bytes JMP 75838ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007603144a 2 bytes CALL 757948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 758387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 75838978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 75838698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 75838a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 757afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076031555 2 bytes JMP 757b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 75838f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 75838ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7583865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 757afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 757bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760316b2 2 bytes JMP 75838e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4144] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760316bd 2 bytes JMP 758385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 00000001000b0460 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 00000001000b0450 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 00000001000b0370 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 00000001000b0470 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 00000001000b03e0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 00000001000b0320 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 00000001000b03b0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 00000001000b0390 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 00000001000b02e0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 00000001000b02d0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 00000001000b0310 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 00000001000b03c0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 00000001000b03f0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 00000001000b0230 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 00000001000b0480 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 00000001000b03a0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 00000001000b02f0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 00000001000b0350 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 00000001000b0290 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 00000001000b02b0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 00000001000b03d0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 00000001000b0330 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 00000001000b0410 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 00000001000b0240 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 00000001000b01e0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 00000001000b0250 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 00000001000b0490 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 00000001000b04a0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 00000001000b0300 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 00000001000b0360 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 00000001000b02a0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 00000001000b02c0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 00000001000b0380 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 00000001000b0340 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 00000001000b0440 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 00000001000b0260 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 00000001000b0270 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 00000001000b0400 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 00000001000b01f0 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 00000001000b0210 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 00000001000b0200 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 00000001000b0420 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 00000001000b0430 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 00000001000b0220 .text C:\Program Files\Realtek\RtLED\RtLEDService.exe[3820] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 00000001000b0280 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Realtek\RtLED\RtLED.exe[5412] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4488] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bb1360 5 bytes JMP 0000000077d10460 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bb13b0 5 bytes JMP 0000000077d10450 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bb1510 5 bytes JMP 0000000077d10370 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bb1560 5 bytes JMP 0000000077d10470 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bb1570 5 bytes JMP 0000000077d103e0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bb1620 5 bytes JMP 0000000077d10320 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 5 bytes JMP 0000000077d103b0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bb1670 5 bytes JMP 0000000077d10390 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bb16b0 5 bytes JMP 0000000077d102e0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bb1730 5 bytes JMP 0000000077d102d0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bb1750 5 bytes JMP 0000000077d10310 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bb1790 5 bytes JMP 0000000077d103c0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bb17e0 5 bytes JMP 0000000077d103f0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bb1940 5 bytes JMP 0000000077d10230 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bb1b00 5 bytes JMP 0000000077d10480 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bb1b30 5 bytes JMP 0000000077d103a0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bb1c10 5 bytes JMP 0000000077d102f0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bb1c20 5 bytes JMP 0000000077d10350 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bb1c80 5 bytes JMP 0000000077d10290 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bb1d10 5 bytes JMP 0000000077d102b0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 5 bytes JMP 0000000077d103d0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bb1d40 5 bytes JMP 0000000077d10330 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bb1db0 5 bytes JMP 0000000077d10410 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bb1de0 5 bytes JMP 0000000077d10240 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bb20a0 5 bytes JMP 0000000077d101e0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bb2160 5 bytes JMP 0000000077d10250 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bb2190 5 bytes JMP 0000000077d10490 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb21a0 5 bytes JMP 0000000077d104a0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bb21d0 5 bytes JMP 0000000077d10300 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bb21e0 5 bytes JMP 0000000077d10360 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bb2240 5 bytes JMP 0000000077d102a0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bb2290 5 bytes JMP 0000000077d102c0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bb22c0 5 bytes JMP 0000000077d10380 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bb22d0 5 bytes JMP 0000000077d10340 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bb25c0 5 bytes JMP 0000000077d10440 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bb27c0 5 bytes JMP 0000000077d10260 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bb27d0 5 bytes JMP 0000000077d10270 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 5 bytes JMP 0000000077d10400 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bb29a0 5 bytes JMP 0000000077d101f0 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bb29b0 5 bytes JMP 0000000077d10210 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bb2a20 5 bytes JMP 0000000077d10200 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bb2a80 5 bytes JMP 0000000077d10420 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bb2a90 5 bytes JMP 0000000077d10430 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bb2aa0 5 bytes JMP 0000000077d10220 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bb2b80 5 bytes JMP 0000000077d10280 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd948ef0 5 bytes JMP 000007fffd9100b8 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd94bfd0 5 bytes JMP 000007fffd910038 .text C:\windows\system32\wuauclt.exe[3296] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff927490 5 bytes JMP 000007fffd910138 ---- Threads - GMER 2.1 ---- Thread C:\windows\System32\svchost.exe [5628:6032] 000007fef5239688 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [1624] (GG drive overlay/GG Network S.A.)(2012-04-01 07:58:36) 000000005c080000 Library C:\ProgramData\GG\ggdrive\ggdrive-proxy.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [1624] (GG drive proxy/GG Network S.A.)(2012-04-01 07:58:36) 00000000590b0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ec78d5 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ec78d5@cc52af16f510 0x53 0xC0 0x62 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ec78d5@30392671fd80 0xB7 0xCC 0x3F 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ec78d5@9c3aafae872d 0xBC 0x3D 0xFB 0x91 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ec78d5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ec78d5@cc52af16f510 0x53 0xC0 0x62 0x4B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ec78d5@30392671fd80 0xB7 0xCC 0x3F 0x69 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ec78d5@9c3aafae872d 0xBC 0x3D 0xFB 0x91 ... ---- EOF - GMER 2.1 ----