GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-01 15:09:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000008e ST1000DM rev.HP34 931,51GB Running: u7h6tsf6.exe; Driver: C:\Users\Gosia\AppData\Local\Temp\kwwirfow.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000149940460 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000149940450 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000149940370 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000149940470 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001499403e0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000149940320 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001499403b0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000149940390 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001499402e0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001499402d0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000149940310 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001499403c0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001499403f0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000149940230 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000149940480 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001499403a0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001499402f0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000149940350 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000149940290 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001499402b0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001499403d0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000149940330 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000149940410 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000149940240 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001499401e0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000149940250 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000149940490 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001499404a0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000149940300 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000149940360 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001499402a0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001499402c0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000149940380 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000149940340 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000149940440 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000149940260 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000149940270 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000149940400 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001499401f0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000149940210 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000149940200 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000149940420 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000149940430 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000149940220 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000149940280 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000149940460 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000149940450 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000149940370 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000149940470 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001499403e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000149940320 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001499403b0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000149940390 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001499402e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001499402d0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000149940310 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001499403c0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001499403f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000149940230 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000149940480 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001499403a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001499402f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000149940350 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000149940290 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001499402b0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001499403d0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000149940330 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000149940410 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000149940240 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001499401e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000149940250 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000149940490 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001499404a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000149940300 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000149940360 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001499402a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001499402c0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000149940380 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000149940340 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000149940440 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000149940260 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000149940270 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000149940400 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001499401f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000149940210 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000149940200 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000149940420 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000149940430 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000149940220 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000149940280 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\winlogon.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\lsass.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000100070460 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000100070450 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000100070370 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000100070470 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001000703e0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000100070320 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001000703b0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000100070390 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001000702d0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000100070310 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001000703c0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001000703f0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000100070230 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000100070480 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001000703a0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001000702f0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000100070350 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000100070290 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001000702b0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001000703d0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000100070330 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000100070410 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000100070240 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000100070250 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000100070490 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001000704a0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000100070300 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000100070360 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001000702a0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001000702c0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000100070380 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000100070340 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000100070440 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000100070400 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000100070200 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000100070420 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000100070430 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000100070220 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000100070280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1520] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1528] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\svchost.exe[1548] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[1884] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\System32\spoolsv.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\svchost.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000100070460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000100070450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000100070370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000100070470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001000703e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000100070320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001000703b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000100070390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001000702d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000100070310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001000703c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000100070230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000100070480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001000703a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001000702f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000100070350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000100070290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001000702b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001000703d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000100070330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000100070410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000100070240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000100070250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000100070490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000100070300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000100070360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001000702a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001000702c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000100070380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000100070340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000100070440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000100070200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000100070420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000100070430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000100070220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000100070280 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\taskhost.exe[2260] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000100070460 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000100070450 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000100070370 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000100070470 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001000703e0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000100070320 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001000703b0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000100070390 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001000702d0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000100070310 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001000703c0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000100070230 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000100070480 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001000703a0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001000702f0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000100070350 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000100070290 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001000702b0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001000703d0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000100070330 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000100070410 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000100070240 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000100070250 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000100070490 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000100070300 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000100070360 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001000702a0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001000702c0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000100070380 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000100070340 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000100070440 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000100070200 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000100070420 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000100070430 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000100070220 .text C:\windows\system32\Dwm.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000100070280 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000100070460 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000100070450 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000100070370 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000100070470 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001000703e0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000100070320 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001000703b0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000100070390 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001000702e0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001000702d0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000100070310 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001000703c0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001000703f0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000100070230 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000100070480 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001000703a0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001000702f0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000100070350 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000100070290 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001000702b0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001000703d0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000100070330 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000100070410 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000100070240 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001000701e0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000100070250 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000100070490 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001000704a0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000100070300 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000100070360 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001000702a0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001000702c0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000100070380 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000100070340 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000100070440 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000100070260 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000100070270 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000100070400 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001000701f0 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000100070210 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000100070200 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000100070420 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000100070430 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000100070220 .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000100070280 .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764f1401 2 bytes JMP 766cb21b C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764f1419 2 bytes JMP 766cb346 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764f1431 2 bytes JMP 76748f29 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764f144a 2 bytes CALL 766a489d C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764f14dd 2 bytes JMP 76748822 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764f14f5 2 bytes JMP 767489f8 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764f150d 2 bytes JMP 76748718 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764f1525 2 bytes JMP 76748ae2 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764f153d 2 bytes JMP 766bfca8 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764f1555 2 bytes JMP 766c68ef C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764f156d 2 bytes JMP 76748fe3 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764f1585 2 bytes JMP 76748b42 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764f159d 2 bytes JMP 767486dc C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764f15b5 2 bytes JMP 766bfd41 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764f15cd 2 bytes JMP 766cb2dc C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764f16b2 2 bytes JMP 76748ea4 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2468] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764f16bd 2 bytes JMP 76748671 C:\windows\syswow64\KERNEL32.dll .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\System32\igfxtray.exe[2148] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\System32\hkcmd.exe[2328] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\igfxsrvc.exe[2504] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\System32\igfxpers.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2984] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\Microsoft Security Client\msseces.exe[3004] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764f1401 2 bytes JMP 766cb21b C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764f1419 2 bytes JMP 766cb346 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764f1431 2 bytes JMP 76748f29 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764f144a 2 bytes CALL 766a489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764f14dd 2 bytes JMP 76748822 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764f14f5 2 bytes JMP 767489f8 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764f150d 2 bytes JMP 76748718 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764f1525 2 bytes JMP 76748ae2 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764f153d 2 bytes JMP 766bfca8 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764f1555 2 bytes JMP 766c68ef C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764f156d 2 bytes JMP 76748fe3 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764f1585 2 bytes JMP 76748b42 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764f159d 2 bytes JMP 767486dc C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764f15b5 2 bytes JMP 766bfd41 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764f15cd 2 bytes JMP 766cb2dc C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764f16b2 2 bytes JMP 76748ea4 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3812] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764f16bd 2 bytes JMP 76748671 C:\windows\syswow64\kernel32.dll .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[4036] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\svchost.exe[632] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764f1401 2 bytes JMP 766cb21b C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764f1419 2 bytes JMP 766cb346 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764f1431 2 bytes JMP 76748f29 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764f144a 2 bytes CALL 766a489d C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764f14dd 2 bytes JMP 76748822 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764f14f5 2 bytes JMP 767489f8 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764f150d 2 bytes JMP 76748718 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764f1525 2 bytes JMP 76748ae2 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764f153d 2 bytes JMP 766bfca8 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764f1555 2 bytes JMP 766c68ef C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764f156d 2 bytes JMP 76748fe3 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764f1585 2 bytes JMP 76748b42 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764f159d 2 bytes JMP 767486dc C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764f15b5 2 bytes JMP 766bfd41 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764f15cd 2 bytes JMP 766cb2dc C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764f16b2 2 bytes JMP 76748ea4 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[2408] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764f16bd 2 bytes JMP 76748671 C:\windows\syswow64\KERNEL32.dll .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\wbem\unsecapp.exe[3276] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\splwow64.exe[4376] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\windows\system32\SearchIndexer.exe[4736] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000100070460 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000100070450 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000100070370 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000100070470 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 00000001000703e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000100070320 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 00000001000703b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000100070390 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 00000001000702e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 00000001000702d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000100070310 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 00000001000703c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 00000001000703f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000100070230 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000100070480 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 00000001000703a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 00000001000702f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000100070350 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000100070290 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 00000001000702b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 00000001000703d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000100070330 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000100070410 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000100070240 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 00000001000701e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000100070250 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000100070490 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 00000001000704a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000100070300 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000100070360 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 00000001000702a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 00000001000702c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000100070380 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000100070340 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000100070440 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000100070260 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000100070270 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000100070400 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 00000001000701f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000100070210 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000100070200 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000100070420 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000100070430 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000100070220 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5432] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d3dc60 5 bytes JMP 0000000076ea0460 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d3dcb0 5 bytes JMP 0000000076ea0450 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d3de10 5 bytes JMP 0000000076ea0370 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d3de60 5 bytes JMP 0000000076ea0470 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d3de70 5 bytes JMP 0000000076ea03e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d3df20 5 bytes JMP 0000000076ea0320 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d3df50 5 bytes JMP 0000000076ea03b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d3df70 5 bytes JMP 0000000076ea0390 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d3dfb0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d3e030 5 bytes JMP 0000000076ea02d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d3e050 5 bytes JMP 0000000076ea0310 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d3e090 5 bytes JMP 0000000076ea03c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d3e0e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d3e240 5 bytes JMP 0000000076ea0230 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d3e400 5 bytes JMP 0000000076ea0480 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d3e430 5 bytes JMP 0000000076ea03a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d3e510 5 bytes JMP 0000000076ea02f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d3e520 5 bytes JMP 0000000076ea0350 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d3e580 5 bytes JMP 0000000076ea0290 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d3e610 5 bytes JMP 0000000076ea02b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d3e630 5 bytes JMP 0000000076ea03d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d3e640 5 bytes JMP 0000000076ea0330 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d3e6b0 5 bytes JMP 0000000076ea0410 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d3e6e0 5 bytes JMP 0000000076ea0240 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d3e9a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d3ea60 5 bytes JMP 0000000076ea0250 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d3ea90 5 bytes JMP 0000000076ea0490 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d3eaa0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d3ead0 5 bytes JMP 0000000076ea0300 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d3eae0 5 bytes JMP 0000000076ea0360 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d3eb40 5 bytes JMP 0000000076ea02a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d3eb90 5 bytes JMP 0000000076ea02c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d3ebc0 5 bytes JMP 0000000076ea0380 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d3ebd0 5 bytes JMP 0000000076ea0340 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d3eec0 5 bytes JMP 0000000076ea0440 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d3f0c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d3f0d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d3f0e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d3f2a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d3f2b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d3f320 5 bytes JMP 0000000076ea0200 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d3f380 5 bytes JMP 0000000076ea0420 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d3f390 5 bytes JMP 0000000076ea0430 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d3f3a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d3f480 5 bytes JMP 0000000076ea0280 ---- Threads - GMER 2.1 ---- Thread c:\Program Files\Microsoft Security Client\NisSrv.exe [4696:4724] 000007fefd0aa808 Thread c:\Program Files\Microsoft Security Client\NisSrv.exe [4696:4884] 000007fefe796e60 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYH6EVLK\AdwCleaner\x00a04.exe 1 ---- EOF - GMER 2.1 ----