GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-23 13:50:23 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d SAMSUNG_ rev.CP10 298,09GB Running: xexg4rqw.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwlcipob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 694 fffff800033ab086 11 bytes [EC, 10, 50, 9C, 6A, 10, 48, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 706 fffff800033ab092 4 bytes [00, 50, B8, BC] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 000000014a010460 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 000000014a010450 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 000000014a010370 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 000000014a010470 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 000000014a0103e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 000000014a010320 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 000000014a0103b0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 000000014a010390 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 000000014a0102e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 000000014a0102d0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 000000014a010310 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 000000014a0103c0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 000000014a0103f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 000000014a010230 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 000000014a010480 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 000000014a0103a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 000000014a0102f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 000000014a010350 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 000000014a010290 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 000000014a0102b0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 000000014a0103d0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 000000014a010330 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 000000014a010410 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 000000014a010240 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 000000014a0101e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 000000014a010250 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 000000014a010490 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 000000014a0104a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 000000014a010300 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 000000014a010360 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 000000014a0102a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 000000014a0102c0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 000000014a010380 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 000000014a010340 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 000000014a010440 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 000000014a010260 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 000000014a010270 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 000000014a010400 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 000000014a0101f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 000000014a010210 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 000000014a010200 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 000000014a010420 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 000000014a010430 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 000000014a010220 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 000000014a010280 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 000000014a010460 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 000000014a010450 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 000000014a010370 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 000000014a010470 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 000000014a0103e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 000000014a010320 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 000000014a0103b0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 000000014a010390 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 000000014a0102e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 000000014a0102d0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 000000014a010310 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 000000014a0103c0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 000000014a0103f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 000000014a010230 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 000000014a010480 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 000000014a0103a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 000000014a0102f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 000000014a010350 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 000000014a010290 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 000000014a0102b0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 000000014a0103d0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 000000014a010330 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 000000014a010410 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 000000014a010240 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 000000014a0101e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 000000014a010250 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 000000014a010490 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 000000014a0104a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 000000014a010300 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 000000014a010360 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 000000014a0102a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 000000014a0102c0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 000000014a010380 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 000000014a010340 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 000000014a010440 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 000000014a010260 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 000000014a010270 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 000000014a010400 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 000000014a0101f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 000000014a010210 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 000000014a010200 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 000000014a010420 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 000000014a010430 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 000000014a010220 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 000000014a010280 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\winlogon.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\System32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\atieclxx.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\System32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000730a17fa 2 bytes CALL 751111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000730a1860 2 bytes CALL 751111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000730a1942 2 bytes JMP 75527089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000730a194d 2 bytes JMP 7552cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 0000000100070460 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 0000000100070370 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 0000000100070470 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 0000000100070320 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 0000000100070390 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 0000000100070310 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 0000000100070230 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 0000000100070480 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 0000000100070350 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 0000000100070330 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 0000000100070240 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 0000000100070250 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 0000000100070360 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 0000000100070400 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 0000000100070200 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\WUDFHost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\taskhost.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\Explorer.EXE[2884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000751187b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2576] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\GWX\GWX.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\SearchIndexer.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!DispatchMessageW 0000000074bc787b 5 bytes JMP 000000015eb7eca0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000074bc7bbb 5 bytes JMP 000000015eb7ec70 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074bc8a29 5 bytes JMP 000000015eb7f680 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000074bc8e4e 5 bytes JMP 000000015eb7ee00 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!DestroyWindow 0000000074bc9a55 5 bytes JMP 000000015eb7edd0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074bcd22e 5 bytes JMP 000000015eb7f540 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000074bd05ba 5 bytes JMP 000000015eb7efc0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000074bd0dfb 5 bytes JMP 000000015eb7ecd0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!EndPaint 0000000074bd1341 5 bytes JMP 000000015eb7f0a0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000074bd1361 5 bytes JMP 000000015eb7f040 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 0000000074bd28da 5 bytes JMP 000000015eb7f4c0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!SetCursor 0000000074bd41f6 5 bytes JMP 000000015eb7e580 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000074bd5f74 5 bytes JMP 000000015eb7ef60 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000074bd7b3b 5 bytes JMP 000000015eb7f020 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!AnimateWindow 0000000074bdb531 5 bytes JMP 000000015eb7ee70 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 0000000074bdba4a 5 bytes JMP 000000015eb7f3f0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!WindowFromPoint 0000000074beed12 5 bytes JMP 000000015eb7e5a0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!SetCapture 0000000074beed56 5 bytes JMP 000000015eb7ef40 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000074bef170 5 bytes JMP 000000015eb7ef00 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000766d5ea5 5 bytes JMP 000000015eb7e5d0 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000766dba5f 5 bytes JMP 000000015eb7e840 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr.exe[4496] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\wbem\unsecapp.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\wbem\wmiprvse.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes JMP 7513b273 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes JMP 7513b39e C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes JMP 751b9079 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes CALL 751148cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes JMP 751b8972 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes JMP 751b8b48 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes JMP 751b8868 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes JMP 751b8c32 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes JMP 7512fd00 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes JMP 75136949 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes JMP 751b9131 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes JMP 751b8c92 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes JMP 751b882c C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes JMP 7512fd99 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes JMP 7513b334 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes JMP 751b8ff4 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes JMP 751b87c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007704bf80 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007704bfd0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007704c130 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007704c180 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007704c190 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007704c240 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007704c270 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007704c290 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007704c2d0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007704c350 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007704c370 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007704c3b0 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007704c400 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007704c560 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007704c720 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007704c750 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007704c830 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007704c840 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007704c8a0 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007704c930 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007704c950 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007704c960 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007704c9d0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007704ca00 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007704ccc0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007704cd80 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007704cdb0 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007704cdc0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007704cdf0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007704ce00 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007704ce60 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007704ceb0 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007704cee0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007704cef0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007704d1e0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007704d3e0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007704d3f0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007704d400 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007704d5c0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007704d5d0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007704d640 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007704d6a0 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007704d6b0 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007704d6c0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\AUDIODG.EXE[3164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007704d7a0 5 bytes JMP 00000000771b0280 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2224:2476] 000007fef55b9688 ---- Processes - GMER 2.1 ---- Process C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe (*** suspicious ***) @ C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe [788] (Flvto Youtube Downloader/Hotger)(2015-05-25 10:30:04) 0000000000ee0000 ---- EOF - GMER 2.1 ----