GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-10 00:08:09 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000076 MTFDBAK1 rev.0005 119,24GB Running: x18ivwdg.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwriypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 000000014a570460 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 000000014a570450 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 000000014a570370 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 000000014a570470 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 000000014a5703e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 000000014a570320 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 000000014a5703b0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 000000014a570390 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 000000014a5702e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 000000014a5702d0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 000000014a570310 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 000000014a5703c0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 000000014a5703f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 000000014a570230 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 000000014a570480 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 000000014a5703a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 000000014a5702f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 000000014a570350 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 000000014a570290 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 000000014a5702b0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 000000014a5703d0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 000000014a570330 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 000000014a570410 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 000000014a570240 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 000000014a5701e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 000000014a570250 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 000000014a570490 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 000000014a5704a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 000000014a570300 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 000000014a570360 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 000000014a5702a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 000000014a5702c0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 000000014a570380 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 000000014a570340 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 000000014a570440 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 000000014a570260 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 000000014a570270 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 000000014a570400 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 000000014a5701f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 000000014a570210 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 000000014a570200 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 000000014a570420 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 000000014a570430 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 000000014a570220 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 000000014a570280 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 000000014a570460 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 000000014a570450 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 000000014a570370 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 000000014a570470 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 000000014a5703e0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 000000014a570320 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 000000014a5703b0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 000000014a570390 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 000000014a5702e0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 000000014a5702d0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 000000014a570310 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 000000014a5703c0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 000000014a5703f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 000000014a570230 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 000000014a570480 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 000000014a5703a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 000000014a5702f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 000000014a570350 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 000000014a570290 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 000000014a5702b0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 000000014a5703d0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 000000014a570330 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 000000014a570410 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 000000014a570240 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 000000014a5701e0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 000000014a570250 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 000000014a570490 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 000000014a5704a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 000000014a570300 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 000000014a570360 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 000000014a5702a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 000000014a5702c0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 000000014a570380 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 000000014a570340 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 000000014a570440 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 000000014a570260 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 000000014a570270 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 000000014a570400 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 000000014a5701f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 000000014a570210 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 000000014a570200 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 000000014a570420 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 000000014a570430 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 000000014a570220 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 000000014a570280 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\vcsFPService.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\winlogon.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\System32\spoolsv.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\taskhost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\Explorer.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 00000001003c0460 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 00000001003c0450 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 00000001003c0370 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 00000001003c0470 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 00000001003c03e0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 00000001003c0320 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 00000001003c03b0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 00000001003c0390 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 00000001003c02e0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 00000001003c02d0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 00000001003c0310 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 00000001003c03c0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 00000001003c03f0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 00000001003c0230 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 00000001003c0480 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 00000001003c03a0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 00000001003c02f0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 00000001003c0350 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 00000001003c0290 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 00000001003c02b0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 00000001003c03d0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 00000001003c0330 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 00000001003c0410 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 00000001003c0240 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 00000001003c01e0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 00000001003c0250 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 00000001003c0490 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 00000001003c04a0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 00000001003c0300 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 00000001003c0360 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 00000001003c02a0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 00000001003c02c0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 00000001003c0380 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 00000001003c0340 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 00000001003c0440 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 00000001003c0260 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 00000001003c0270 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 00000001003c0400 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 00000001003c01f0 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 00000001003c0210 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 00000001003c0200 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 00000001003c0420 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 00000001003c0430 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 00000001003c0220 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 00000001003c0280 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075f11401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075f11419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075f11431 2 bytes JMP 76338ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075f114dd 2 bytes JMP 763387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f114f5 2 bytes JMP 76338978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075f1150d 2 bytes JMP 76338698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f11525 2 bytes JMP 76338a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075f1153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075f11555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075f1156d 2 bytes JMP 76338f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075f11585 2 bytes JMP 76338ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075f1159d 2 bytes JMP 7633865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075f115b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075f115cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075f116b2 2 bytes JMP 76338e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3228] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075f116bd 2 bytes JMP 763385f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 00000001001a0460 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 00000001001a0450 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 00000001001a0370 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 00000001001a0470 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 00000001001a03e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 00000001001a0320 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 00000001001a03b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 00000001001a0390 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 00000001001a02e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 00000001001a02d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 00000001001a0310 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 00000001001a03c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 00000001001a03f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 00000001001a0230 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 00000001001a0480 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 00000001001a03a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 00000001001a02f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 00000001001a0350 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 00000001001a0290 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 00000001001a02b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 00000001001a03d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 00000001001a0330 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 00000001001a0410 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 00000001001a0240 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 00000001001a01e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 00000001001a0250 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 00000001001a0490 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 00000001001a04a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 00000001001a0300 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 00000001001a0360 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 00000001001a02a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 00000001001a02c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 00000001001a0380 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 00000001001a0340 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 00000001001a0440 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 00000001001a0260 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 00000001001a0270 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 00000001001a0400 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 00000001001a01f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 00000001001a0210 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 00000001001a0200 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 00000001001a0420 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 00000001001a0430 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 00000001001a0220 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 00000001001a0280 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\System32\svchost.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076298791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f11401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f11419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f11431 2 bytes JMP 76338ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f114dd 2 bytes JMP 763387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f114f5 2 bytes JMP 76338978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f1150d 2 bytes JMP 76338698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f11525 2 bytes JMP 76338a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f1153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f11555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f1156d 2 bytes JMP 76338f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f11585 2 bytes JMP 76338ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f1159d 2 bytes JMP 7633865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f115b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f115cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f116b2 2 bytes JMP 76338e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f116bd 2 bytes JMP 763385f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\wbem\wmiprvse.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Program Files\iPod\bin\iPodService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f11401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f11419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f11431 2 bytes JMP 76338ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f1144a 2 bytes CALL 762948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f114dd 2 bytes JMP 763387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f114f5 2 bytes JMP 76338978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f1150d 2 bytes JMP 76338698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f11525 2 bytes JMP 76338a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f1153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f11555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f1156d 2 bytes JMP 76338f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f11585 2 bytes JMP 76338ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f1159d 2 bytes JMP 7633865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f115b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f115cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f116b2 2 bytes JMP 76338e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f116bd 2 bytes JMP 763385f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\system32\svchost.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Windows\System32\svchost.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c11360 5 bytes JMP 0000000077d70460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c113b0 5 bytes JMP 0000000077d70450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c11510 5 bytes JMP 0000000077d70370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c11560 5 bytes JMP 0000000077d70470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c11570 5 bytes JMP 0000000077d703e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c11620 5 bytes JMP 0000000077d70320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c11650 5 bytes JMP 0000000077d703b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c11670 5 bytes JMP 0000000077d70390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c116b0 5 bytes JMP 0000000077d702e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c11730 5 bytes JMP 0000000077d702d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c11750 5 bytes JMP 0000000077d70310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c11790 5 bytes JMP 0000000077d703c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c117e0 5 bytes JMP 0000000077d703f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c11940 5 bytes JMP 0000000077d70230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c11b00 5 bytes JMP 0000000077d70480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c11b30 5 bytes JMP 0000000077d703a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c11c10 5 bytes JMP 0000000077d702f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c11c20 5 bytes JMP 0000000077d70350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c11c80 5 bytes JMP 0000000077d70290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c11d10 5 bytes JMP 0000000077d702b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c11d30 5 bytes JMP 0000000077d703d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c11d40 5 bytes JMP 0000000077d70330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c11db0 5 bytes JMP 0000000077d70410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c11de0 5 bytes JMP 0000000077d70240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c120a0 5 bytes JMP 0000000077d701e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c12160 5 bytes JMP 0000000077d70250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c12190 5 bytes JMP 0000000077d70490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c121a0 5 bytes JMP 0000000077d704a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c121d0 5 bytes JMP 0000000077d70300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c121e0 5 bytes JMP 0000000077d70360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c12240 5 bytes JMP 0000000077d702a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c12290 5 bytes JMP 0000000077d702c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c122c0 5 bytes JMP 0000000077d70380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c122d0 5 bytes JMP 0000000077d70340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c125c0 5 bytes JMP 0000000077d70440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c127c0 5 bytes JMP 0000000077d70260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c127d0 5 bytes JMP 0000000077d70270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c127e0 5 bytes JMP 0000000077d70400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c129a0 5 bytes JMP 0000000077d701f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c129b0 5 bytes JMP 0000000077d70210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c12a20 5 bytes JMP 0000000077d70200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c12a80 5 bytes JMP 0000000077d70420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c12a90 5 bytes JMP 0000000077d70430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c12aa0 5 bytes JMP 0000000077d70220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c12b80 5 bytes JMP 0000000077d70280 ---- Processes - GMER 2.1 ---- Process \\?\C:\Windows\system32\wbem\WMIADAP.EXE (*** suspicious ***) @ \\?\C:\Windows\system32\wbem\WMIADAP.EXE [5832] (WMI Reverse Performance Adapter Maintenance Utility/Microsoft Corporation)(2009-07-13 23:47:22) 00000000ff290000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf41b1a71 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf41b1a71@c884470864ea 0x87 0xFA 0x36 0xB9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf41b1a71 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf41b1a71@c884470864ea 0x87 0xFA 0x36 0xB9 ... ---- EOF - GMER 2.1 ----