GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-06 14:02:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O 298,09GB Running: dpcikdlp.exe; Driver: C:\Users\xxxx~1\AppData\Local\Temp\kwwdrpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88004b1dd8c 12 bytes {MOV RAX, 0xfffffa8004c262a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 000000014a190450 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 000000014a190440 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffffd2732990} .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 000000014a190360 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 000000014a190460 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 000000014a1903d0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 000000014a190310 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 000000014a1903a0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 000000014a190380 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 000000014a1902d0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 000000014a1902c0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffffd2732490} .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 000000014a190300 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 000000014a1903b0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 000000014a1903e0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 000000014a190220 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 000000014a190470 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 000000014a190390 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 000000014a1902e0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 000000014a190340 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 000000014a190280 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 000000014a1902a0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffffd2731e90} .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 000000014a1903c0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffffd2731f90} .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 000000014a190320 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 000000014a190400 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 000000014a190230 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 000000014a1901d0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 000000014a190240 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 000000014a190480 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 000000014a190490 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 000000014a1902f0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 000000014a190350 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 000000014a190290 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 000000014a1902b0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 000000014a190370 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 000000014a190330 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 000000014a190430 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 000000014a190250 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffffd2731390} .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 000000014a190260 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffffd2731390} .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 000000014a1903f0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 000000014a1901e0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 000000014a190200 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 000000014a1901f0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 000000014a190410 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffffd2731290} .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 000000014a190420 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffffd2731290} .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 000000014a190210 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 000000014a190270 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 000000014a190450 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 000000014a190440 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffffd2732990} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 000000014a190360 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 000000014a190460 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 000000014a1903d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 000000014a190310 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 000000014a1903a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 000000014a190380 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 000000014a1902d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 000000014a1902c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffffd2732490} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 000000014a190300 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 000000014a1903b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 000000014a1903e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 000000014a190220 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 000000014a190470 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 000000014a190390 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 000000014a1902e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 000000014a190340 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 000000014a190280 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 000000014a1902a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffffd2731e90} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 000000014a1903c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffffd2731f90} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 000000014a190320 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 000000014a190400 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 000000014a190230 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 000000014a1901d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 000000014a190240 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 000000014a190480 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 000000014a190490 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 000000014a1902f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 000000014a190350 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 000000014a190290 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 000000014a1902b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 000000014a190370 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 000000014a190330 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 000000014a190430 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 000000014a190250 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffffd2731390} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 000000014a190260 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffffd2731390} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 000000014a1903f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 000000014a1901e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 000000014a190200 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 000000014a1901f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 000000014a190410 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffffd2731290} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 000000014a190420 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffffd2731290} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 000000014a190210 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 000000014a190270 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\winlogon.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\nvvsvc.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffff88612990} .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffff88612490} .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffff88611e90} .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffff88611f90} .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffff88612990} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffff88612490} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffff88611e90} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffff88611f90} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffff88612990} .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffff88612490} .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffff88611e90} .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffff88611f90} .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\svchost.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\nvwmi64.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffff88612990} .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffff88612490} .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffff88611e90} .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffff88611f90} .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\DellTPad\Apoint.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\iTunes\iTunesHelper.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\svchost.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\taskeng.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffff88612990} .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffff88612490} .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffff88611e90} .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffff88611f90} .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000100070270 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\svchost.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b01401 2 bytes JMP 7762b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b01419 2 bytes JMP 7762b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b01431 2 bytes JMP 776a8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b0144a 2 bytes CALL 7760489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b014dd 2 bytes JMP 776a88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b014f5 2 bytes JMP 776a8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b0150d 2 bytes JMP 776a87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b01525 2 bytes JMP 776a8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b0153d 2 bytes JMP 7761fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b01555 2 bytes JMP 776268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b0156d 2 bytes JMP 776a9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b01585 2 bytes JMP 776a8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b0159d 2 bytes JMP 776a877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b015b5 2 bytes JMP 7761fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b015cd 2 bytes JMP 7762b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b016b2 2 bytes JMP 776a8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b016bd 2 bytes JMP 776a8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\iPod\bin\iPodService.exe[4312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\SearchIndexer.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\System32\WUDFHost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000100070440 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffff88612990} .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 00000001000702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffff88612490} .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000100070280 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 00000001000702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffff88611e90} .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 00000001000703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffff88611f90} .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000100070250 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000100070260 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffff88611390} .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000100070410 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000100070420 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffff88611290} .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wbem\wmiprvse.exe[4816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000100070270 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075b01401 2 bytes JMP 7762b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075b01419 2 bytes JMP 7762b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075b01431 2 bytes JMP 776a8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075b0144a 2 bytes CALL 7760489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075b014dd 2 bytes JMP 776a88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075b014f5 2 bytes JMP 776a8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075b0150d 2 bytes JMP 776a87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075b01525 2 bytes JMP 776a8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075b0153d 2 bytes JMP 7761fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075b01555 2 bytes JMP 776268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075b0156d 2 bytes JMP 776a9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075b01585 2 bytes JMP 776a8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075b0159d 2 bytes JMP 776a877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075b015b5 2 bytes JMP 7761fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075b015cd 2 bytes JMP 7762b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075b016b2 2 bytes JMP 776a8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5412] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075b016bd 2 bytes JMP 776a8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Program Files\DellTPad\Apntex.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\conhost.exe[5804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\wbem\wmiprvse.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\System32\svchost.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000100070450 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000100070440 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0xffffffff88612990} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000100070360 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000100070460 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 00000001000703d0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000100070310 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 00000001000703a0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000100070380 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 00000001000702d0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 00000001000702c0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0xffffffff88612490} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000100070300 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 00000001000703b0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 00000001000703e0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000100070220 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000100070470 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000100070390 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 00000001000702e0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000100070340 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000100070280 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 00000001000702a0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0xffffffff88611e90} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 00000001000703c0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0xffffffff88611f90} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000100070320 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000100070400 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000100070230 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 00000001000701d0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000100070240 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000100070480 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000100070490 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 00000001000702f0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000100070350 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000100070290 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 00000001000702b0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000100070370 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000100070330 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000100070430 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000100070250 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0xffffffff88611390} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000100070260 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0xffffffff88611390} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000100070200 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 00000001000701f0 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000100070410 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0xffffffff88611290} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000100070420 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0xffffffff88611290} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000100070210 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000100070270 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 00000000779090a1 11 bytes {MOV EAX, 0xffffffffe7c678dc; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefe2c7790 5 bytes JMP 000007fffe0500d8 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feff6e1180 5 bytes JMP 000007fffe0501b8 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feff6e1320 7 bytes JMP 000007fffe050148 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feff6e4470 6 bytes JMP 000007fffe050110 .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1548] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feff6e6720 10 bytes JMP 000007fffe050180 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a5da60 5 bytes JMP 0000000077bc0450 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a5dab0 1 byte JMP 0000000077bc0440 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077a5dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a5dc10 5 bytes JMP 0000000077bc0360 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a5dc60 5 bytes JMP 0000000077bc0460 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a5dc70 5 bytes JMP 0000000077bc03d0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a5dd20 5 bytes JMP 0000000077bc0310 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a5dd50 5 bytes JMP 0000000077bc03a0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a5dd70 5 bytes JMP 0000000077bc0380 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a5ddb0 5 bytes JMP 0000000077bc02d0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a5de30 1 byte JMP 0000000077bc02c0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077a5de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a5de50 5 bytes JMP 0000000077bc0300 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a5de90 5 bytes JMP 0000000077bc03b0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a5dee0 5 bytes JMP 0000000077bc03e0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a5e040 5 bytes JMP 0000000077bc0220 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a5e200 5 bytes JMP 0000000077bc0470 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a5e230 5 bytes JMP 0000000077bc0390 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a5e310 5 bytes JMP 0000000077bc02e0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a5e320 5 bytes JMP 0000000077bc0340 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a5e380 5 bytes JMP 0000000077bc0280 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a5e410 1 byte JMP 0000000077bc02a0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077a5e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a5e430 1 byte JMP 0000000077bc03c0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077a5e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a5e440 5 bytes JMP 0000000077bc0320 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a5e4b0 5 bytes JMP 0000000077bc0400 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a5e4e0 5 bytes JMP 0000000077bc0230 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a5e7a0 5 bytes JMP 0000000077bc01d0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a5e860 5 bytes JMP 0000000077bc0240 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a5e890 5 bytes JMP 0000000077bc0480 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a5e8a0 5 bytes JMP 0000000077bc0490 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a5e8d0 5 bytes JMP 0000000077bc02f0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a5e8e0 5 bytes JMP 0000000077bc0350 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a5e940 5 bytes JMP 0000000077bc0290 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a5e990 5 bytes JMP 0000000077bc02b0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a5e9c0 5 bytes JMP 0000000077bc0370 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a5e9d0 5 bytes JMP 0000000077bc0330 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a5ecc0 5 bytes JMP 0000000077bc0430 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a5eec0 1 byte JMP 0000000077bc0250 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077a5eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a5eed0 1 byte JMP 0000000077bc0260 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077a5eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a5eee0 5 bytes JMP 0000000077bc03f0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a5f0a0 5 bytes JMP 0000000077bc01e0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a5f0b0 5 bytes JMP 0000000077bc0200 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a5f120 5 bytes JMP 0000000077bc01f0 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a5f180 1 byte JMP 0000000077bc0410 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077a5f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a5f190 1 byte JMP 0000000077bc0420 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077a5f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a5f1a0 5 bytes JMP 0000000077bc0210 .text C:\Windows\system32\AUDIODG.EXE[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a5f280 5 bytes JMP 0000000077bc0270 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff880010c4650] \SystemRoot\System32\Drivers\spew.sys [unknown section] IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010c45dc] \SystemRoot\System32\Drivers\spew.sys [unknown section] ---- Devices - GMER 2.1 ---- Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-0 fffffa800369f2c0 Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-1 fffffa800369f2c0 Device \Driver\iaStorV \Device\Ide\iaStor0 fffffa800369f2c0 Device \Driver\a036o74j \Device\Scsi\a036o74j1Port1Path0Target0Lun0 fffffa8005b192c0 Device \Driver\a036o74j \Device\Scsi\a036o74j1 fffffa8005b192c0 Device \FileSystem\Ntfs \Ntfs fffffa80036a32c0 Device \Driver\usbehci \Device\USBFDO-7 fffffa80058712c0 Device \Driver\usbuhci \Device\USBPDO-5 fffffa800579e2c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa80058712c0 Device \Driver\usbuhci \Device\USBPDO-1 fffffa800579e2c0 Device \Driver\cdrom \Device\CdRom0 fffffa800475e2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800475e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{49436D7A-3251-402B-A264-FC63E3F2F55A} fffffa8004af92c0 Device \Driver\usbuhci \Device\USBPDO-6 fffffa800579e2c0 Device \Driver\usbuhci \Device\USBFDO-4 fffffa800579e2c0 Device \Driver\usbuhci \Device\USBFDO-0 fffffa800579e2c0 Device \Driver\usbuhci \Device\USBPDO-2 fffffa800579e2c0 Device \Driver\usbehci \Device\USBPDO-7 fffffa80058712c0 Device \Driver\usbuhci \Device\USBFDO-5 fffffa800579e2c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa80058712c0 Device \Driver\usbuhci \Device\USBFDO-1 fffffa800579e2c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa800369b2c0 Device \Driver\volmgr \Device\FtControl fffffa800369b2c0 Device \Driver\volmgr \Device\VolMgrControl fffffa800369b2c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa800369b2c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa800369b2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{87503E9D-7C24-4542-BD9B-4F301EFC31B4} fffffa8004af92c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004af92c0 Device \Driver\usbuhci \Device\USBFDO-6 fffffa800579e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{C74E4202-2B76-480E-9B6D-609B775ADF54} fffffa8004af92c0 Device \Driver\usbuhci \Device\USBPDO-4 fffffa800579e2c0 Device \Driver\iaStorV \Device\ScsiPort0 fffffa800369f2c0 Device \Driver\usbuhci \Device\USBFDO-2 fffffa800579e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6F2214D9-2394-419D-A53C-5C581898A342} fffffa8004af92c0 Device \Driver\usbuhci \Device\USBPDO-0 fffffa800579e2c0 Device \Driver\a036o74j \Device\ScsiPort1 fffffa8005b192c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys stdfltn.sys >>UNKNOWN [0xfffffa800369f2c0]<< spew.sys iaStorV.sys fffffa800369f2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800473e790] fffffa800473e790 Trace 3 CLASSPNP.SYS[fffff880015ce43f] -> nt!IofCallDriver -> [0xfffffa800473e040] fffffa800473e040 Trace 5 stdfltn.sys[fffff880019e2af2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004533050] fffffa8004533050 Trace \Driver\iaStorV[0xfffffa8004518060] -> IRP_MJ_CREATE -> 0xfffffa800369f2c0 fffffa800369f2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a036o74j.SYS fffff88004a6a000-fffff88004aad000 (274432 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619ea95cf Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619ea95cf@78ca04b02e83 0x67 0xEA 0x46 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619ea95cf@001f4710edf9 0x45 0x2A 0x2E 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619ea95cf@001ddf614be2 0xA2 0x39 0x8B 0xAC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619ea95cf@001ddfce250c 0xAD 0x41 0xC2 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x92 0x12 0xAE 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF7 0xFB 0xEA 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0xAB 0xA7 0x14 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619ea95cf (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619ea95cf@78ca04b02e83 0x67 0xEA 0x46 0x04 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619ea95cf@001f4710edf9 0x45 0x2A 0x2E 0xAD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619ea95cf@001ddf614be2 0xA2 0x39 0x8B 0xAC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619ea95cf@001ddfce250c 0xAD 0x41 0xC2 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x92 0x12 0xAE 0x6C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF7 0xFB 0xEA 0x31 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0xAB 0xA7 0x14 ... ---- EOF - GMER 2.1 ----