GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-02 20:36:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0006 465,76GB Running: hzmm47cd.exe; Driver: C:\Users\Studion\AppData\Local\Temp\pwdiquow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 0000000149ec0460 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 0000000149ec0450 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 0000000149ec0370 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 0000000149ec0470 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 0000000149ec03e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 0000000149ec0320 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 0000000149ec03b0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 0000000149ec0390 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 0000000149ec02e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 0000000149ec02d0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 0000000149ec0310 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 0000000149ec03c0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 0000000149ec03f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 0000000149ec0230 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 0000000149ec0480 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 0000000149ec03a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 0000000149ec02f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 0000000149ec0350 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 0000000149ec0290 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 0000000149ec02b0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 0000000149ec03d0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 0000000149ec0330 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 0000000149ec0410 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 0000000149ec0240 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 0000000149ec01e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 0000000149ec0250 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 0000000149ec0490 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 0000000149ec04a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 0000000149ec0300 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 0000000149ec0360 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 0000000149ec02a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 0000000149ec02c0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 0000000149ec0380 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 0000000149ec0340 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 0000000149ec0440 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 0000000149ec0260 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 0000000149ec0270 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 0000000149ec0400 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 0000000149ec01f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 0000000149ec0210 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 0000000149ec0200 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 0000000149ec0420 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 0000000149ec0430 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 0000000149ec0220 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 0000000149ec0280 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\wininit.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 0000000149ec0460 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 0000000149ec0450 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 0000000149ec0370 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 0000000149ec0470 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 0000000149ec03e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 0000000149ec0320 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 0000000149ec03b0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 0000000149ec0390 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 0000000149ec02e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 0000000149ec02d0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 0000000149ec0310 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 0000000149ec03c0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 0000000149ec03f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 0000000149ec0230 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 0000000149ec0480 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 0000000149ec03a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 0000000149ec02f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 0000000149ec0350 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 0000000149ec0290 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 0000000149ec02b0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 0000000149ec03d0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 0000000149ec0330 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 0000000149ec0410 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 0000000149ec0240 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 0000000149ec01e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 0000000149ec0250 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 0000000149ec0490 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 0000000149ec04a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 0000000149ec0300 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 0000000149ec0360 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 0000000149ec02a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 0000000149ec02c0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 0000000149ec0380 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 0000000149ec0340 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 0000000149ec0440 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 0000000149ec0260 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 0000000149ec0270 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 0000000149ec0400 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 0000000149ec01f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 0000000149ec0210 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 0000000149ec0200 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 0000000149ec0420 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 0000000149ec0430 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 0000000149ec0220 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 0000000149ec0280 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\System32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files\IDT\WDM\STacSV64.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\atieclxx.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\WLANExt.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\System32\spoolsv.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\Dwm.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\taskhost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\Explorer.EXE[2092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\SysWOW64\PnkBstrA.exe[3020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072fd1a22 2 bytes [FD, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[3020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072fd1ad0 2 bytes [FD, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[3020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072fd1b08 2 bytes [FD, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[3020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072fd1bba 2 bytes [FD, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[3020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072fd1bda 2 bytes [FD, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769e1465 2 bytes [9E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769e14bb 2 bytes [9E, 76] .text ... * 2 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000001003d0460 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000001003d0450 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000001003d0370 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000001003d0470 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000001003d03e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000001003d0320 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000001003d03b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000001003d0390 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000001003d02e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000001003d02d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000001003d0310 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000001003d03c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000001003d03f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000001003d0230 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000001003d0480 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000001003d03a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000001003d02f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000001003d0350 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000001003d0290 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000001003d02b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000001003d03d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000001003d0330 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000001003d0410 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000001003d0240 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000001003d01e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000001003d0250 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000001003d0490 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000001003d04a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000001003d0300 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000001003d0360 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000001003d02a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000001003d02c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000001003d0380 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000001003d0340 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000001003d0440 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000001003d0260 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000001003d0270 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000001003d0400 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000001003d01f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000001003d0210 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000001003d0200 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000001003d0420 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000001003d0430 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000001003d0220 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000001003d0280 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wbem\wmiprvse.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3732] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075358791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\SearchIndexer.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\System32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\taskmgr.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 0000000100070250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\AUDIODG.EXE[4996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4224:936] 000007feee489688 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2092] (GG drive overlay/GG Network S.A.)(2013-06-16 16:59:36) 000000005c080000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3BDCEC42-450A-4527-8C2F-5852D9829587}\Connection@Name isatap.{8A8A6B1D-A64A-4D30-8A2C-307CBAE00D4E} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{4931A5B8-9454-4D0D-8479-0E9E7DFA0D25}?\Device\{8B98E13E-BDAA-49CD-A686-A2A0EDF40907}?\Device\{3BDCEC42-450A-4527-8C2F-5852D9829587}?\Device\{6F6C130A-2A91-4072-91FF-88D173D6527D}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{4931A5B8-9454-4D0D-8479-0E9E7DFA0D25}"?"{8B98E13E-BDAA-49CD-A686-A2A0EDF40907}"?"{3BDCEC42-450A-4527-8C2F-5852D9829587}"?"{6F6C130A-2A91-4072-91FF-88D173D6527D}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{4931A5B8-9454-4D0D-8479-0E9E7DFA0D25}?\Device\TCPIP6TUNNEL_{8B98E13E-BDAA-49CD-A686-A2A0EDF40907}?\Device\TCPIP6TUNNEL_{3BDCEC42-450A-4527-8C2F-5852D9829587}?\Device\TCPIP6TUNNEL_{6F6C130A-2A91-4072-91FF-88D173D6527D}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737cef0e4 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3BDCEC42-450A-4527-8C2F-5852D9829587}@InterfaceName isatap.{8A8A6B1D-A64A-4D30-8A2C-307CBAE00D4E} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3BDCEC42-450A-4527-8C2F-5852D9829587}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 26769 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x12 0x16 0xB5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0xC7 0xE8 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7F 0xD4 0xA6 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC0 0x81 0x71 0x41 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737cef0e4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x12 0x16 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0xC7 0xE8 0x0A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7F 0xD4 0xA6 0x76 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC0 0x81 0x71 0x41 ... ---- Files - GMER 2.1 ---- File C:\Users\Studion\AppData\Local\Mozilla\Firefox\Profiles\5f898yp6.default\cache2\entries\E558D76A55468DEB0582E673F07566FD99FBC5DF 385311 bytes ---- EOF - GMER 2.1 ----