GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-23 18:22:32 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000008e ST1000DM rev.HP34 931,51GB Running: bcqcp3co.exe; Driver: C:\Users\Gosia\AppData\Local\Temp\kwwirfow.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 000000014a610460 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 000000014a610450 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 000000014a610370 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 000000014a610470 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 000000014a6103e0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 000000014a610320 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 000000014a6103b0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 000000014a610390 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 000000014a6102e0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 000000014a6102d0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 000000014a610310 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 000000014a6103c0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 000000014a6103f0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 000000014a610230 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 000000014a610480 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 000000014a6103a0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 000000014a6102f0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 000000014a610350 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 000000014a610290 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 000000014a6102b0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 000000014a6103d0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 000000014a610330 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 000000014a610410 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 000000014a610240 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 000000014a6101e0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 000000014a610250 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 000000014a610490 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 000000014a6104a0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 000000014a610300 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 000000014a610360 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 000000014a6102a0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 000000014a6102c0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 000000014a610380 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 000000014a610340 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 000000014a610440 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 000000014a610260 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 000000014a610270 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 000000014a610400 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 000000014a6101f0 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 000000014a610210 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 000000014a610200 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 000000014a610420 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 000000014a610430 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 000000014a610220 .text C:\windows\system32\csrss.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 000000014a610280 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 000000014a610460 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 000000014a610450 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 000000014a610370 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 000000014a610470 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 000000014a6103e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 000000014a610320 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 000000014a6103b0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 000000014a610390 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 000000014a6102e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 000000014a6102d0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 000000014a610310 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 000000014a6103c0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 000000014a6103f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 000000014a610230 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 000000014a610480 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 000000014a6103a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 000000014a6102f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 000000014a610350 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 000000014a610290 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 000000014a6102b0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 000000014a6103d0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 000000014a610330 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 000000014a610410 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 000000014a610240 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 000000014a6101e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 000000014a610250 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 000000014a610490 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 000000014a6104a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 000000014a610300 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 000000014a610360 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 000000014a6102a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 000000014a6102c0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 000000014a610380 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 000000014a610340 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 000000014a610440 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 000000014a610260 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 000000014a610270 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 000000014a610400 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 000000014a6101f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 000000014a610210 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 000000014a610200 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 000000014a610420 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 000000014a610430 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 000000014a610220 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 000000014a610280 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\services.exe[768] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\lsass.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\winlogon.exe[796] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\lsm.exe[804] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000100070280 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text c:\Program Files\Microsoft Security Client\MsMpEng.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000100070460 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000100070450 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000100070370 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000100070470 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000001000703e0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000100070320 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000001000703b0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000100070390 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000001000702d0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000100070310 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000001000703c0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000001000703f0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000100070230 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000100070480 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000001000703a0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000001000702f0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000100070350 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000100070290 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000001000702b0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000001000703d0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000100070330 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000100070410 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000100070240 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000100070250 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000100070490 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000001000704a0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000100070300 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000100070360 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000001000702a0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000001000702c0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000100070380 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000100070340 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000100070440 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000100070400 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000100070200 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000100070420 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000100070430 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000100070220 .text C:\windows\System32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000100070280 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\System32\svchost.exe[1060] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\svchost.exe[1088] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\svchost.exe[1120] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\AUDIODG.EXE[1176] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1400] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1408] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\Dwm.exe[1972] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\Explorer.EXE[1996] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe[2032] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075311401 2 bytes JMP 75e1b21b C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075311419 2 bytes JMP 75e1b346 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075311431 2 bytes JMP 75e98f29 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007531144a 2 bytes CALL 75df489d C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753114dd 2 bytes JMP 75e98822 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753114f5 2 bytes JMP 75e989f8 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007531150d 2 bytes JMP 75e98718 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075311525 2 bytes JMP 75e98ae2 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007531153d 2 bytes JMP 75e0fca8 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075311555 2 bytes JMP 75e168ef C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007531156d 2 bytes JMP 75e98fe3 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075311585 2 bytes JMP 75e98b42 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007531159d 2 bytes JMP 75e986dc C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753115b5 2 bytes JMP 75e0fd41 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753115cd 2 bytes JMP 75e1b2dc C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753116b2 2 bytes JMP 75e98ea4 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1652] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753116bd 2 bytes JMP 75e98671 C:\windows\syswow64\KERNEL32.dll .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\System32\spoolsv.exe[1256] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\svchost.exe[2052] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\taskeng.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\taskhost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[2132] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075df8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Windows\System32\igfxtray.exe[2664] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Windows\System32\hkcmd.exe[2676] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Windows\System32\igfxpers.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2728] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\igfxsrvc.exe[2736] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2784] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\Program Files\Microsoft Security Client\msseces.exe[2804] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3032] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075df8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075311401 2 bytes JMP 75e1b21b C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075311419 2 bytes JMP 75e1b346 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075311431 2 bytes JMP 75e98f29 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007531144a 2 bytes CALL 75df489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753114dd 2 bytes JMP 75e98822 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753114f5 2 bytes JMP 75e989f8 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007531150d 2 bytes JMP 75e98718 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075311525 2 bytes JMP 75e98ae2 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007531153d 2 bytes JMP 75e0fca8 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075311555 2 bytes JMP 75e168ef C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007531156d 2 bytes JMP 75e98fe3 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075311585 2 bytes JMP 75e98b42 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007531159d 2 bytes JMP 75e986dc C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753115b5 2 bytes JMP 75e0fd41 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753115cd 2 bytes JMP 75e1b2dc C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753116b2 2 bytes JMP 75e98ea4 C:\windows\syswow64\kernel32.dll .text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[3092] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753116bd 2 bytes JMP 75e98671 C:\windows\syswow64\kernel32.dll .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\System32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\GWX\GWX.exe[3212] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text c:\Program Files\Intel\iCLS Client\HeciServer.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\svchost.exe[3736] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075311401 2 bytes JMP 75e1b21b C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075311419 2 bytes JMP 75e1b346 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075311431 2 bytes JMP 75e98f29 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007531144a 2 bytes CALL 75df489d C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753114dd 2 bytes JMP 75e98822 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753114f5 2 bytes JMP 75e989f8 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007531150d 2 bytes JMP 75e98718 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075311525 2 bytes JMP 75e98ae2 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007531153d 2 bytes JMP 75e0fca8 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075311555 2 bytes JMP 75e168ef C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007531156d 2 bytes JMP 75e98fe3 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075311585 2 bytes JMP 75e98b42 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007531159d 2 bytes JMP 75e986dc C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753115b5 2 bytes JMP 75e0fd41 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753115cd 2 bytes JMP 75e1b2dc C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753116b2 2 bytes JMP 75e98ea4 C:\windows\syswow64\KERNEL32.dll .text c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe[3780] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753116bd 2 bytes JMP 75e98671 C:\windows\syswow64\KERNEL32.dll .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\splwow64.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4028] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\SearchIndexer.exe[4628] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775bdc60 5 bytes JMP 0000000077720460 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775bdcb0 5 bytes JMP 0000000077720450 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775bde10 5 bytes JMP 0000000077720370 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775bde60 5 bytes JMP 0000000077720470 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775bde70 5 bytes JMP 00000000777203e0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775bdf20 5 bytes JMP 0000000077720320 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775bdf50 5 bytes JMP 00000000777203b0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775bdf70 5 bytes JMP 0000000077720390 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775bdfb0 5 bytes JMP 00000000777202e0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775be030 5 bytes JMP 00000000777202d0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775be050 5 bytes JMP 0000000077720310 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775be090 5 bytes JMP 00000000777203c0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775be0e0 5 bytes JMP 00000000777203f0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775be240 5 bytes JMP 0000000077720230 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775be400 5 bytes JMP 0000000077720480 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775be430 5 bytes JMP 00000000777203a0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775be510 5 bytes JMP 00000000777202f0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775be520 5 bytes JMP 0000000077720350 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775be580 5 bytes JMP 0000000077720290 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775be610 5 bytes JMP 00000000777202b0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775be630 5 bytes JMP 00000000777203d0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775be640 5 bytes JMP 0000000077720330 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775be6b0 5 bytes JMP 0000000077720410 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775be6e0 5 bytes JMP 0000000077720240 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775be9a0 5 bytes JMP 00000000777201e0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775bea60 5 bytes JMP 0000000077720250 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775bea90 5 bytes JMP 0000000077720490 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775beaa0 5 bytes JMP 00000000777204a0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775bead0 5 bytes JMP 0000000077720300 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775beae0 5 bytes JMP 0000000077720360 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775beb40 5 bytes JMP 00000000777202a0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775beb90 5 bytes JMP 00000000777202c0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775bebc0 5 bytes JMP 0000000077720380 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775bebd0 5 bytes JMP 0000000077720340 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775beec0 5 bytes JMP 0000000077720440 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775bf0c0 5 bytes JMP 0000000077720260 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775bf0d0 5 bytes JMP 0000000077720270 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775bf0e0 5 bytes JMP 0000000077720400 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775bf2a0 5 bytes JMP 00000000777201f0 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775bf2b0 5 bytes JMP 0000000077720210 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775bf320 5 bytes JMP 0000000077720200 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775bf380 5 bytes JMP 0000000077720420 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775bf390 5 bytes JMP 0000000077720430 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775bf3a0 5 bytes JMP 0000000077720220 .text C:\windows\system32\wbem\unsecapp.exe[5320] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775bf480 5 bytes JMP 0000000077720280 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYH6EVLK\AdwCleaner\x00a04.exe 1 ---- EOF - GMER 2.1 ----