GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-25 18:48:09 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-24A0RT0 rev.01.01A02 465,76GB Running: hsyfsm9i.exe; Driver: C:\Users\Gosiek\AppData\Local\Temp\pxldapog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002df5000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002df502f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000149e90460 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000149e90450 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000149e90370 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000149e90470 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000149e903e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000149e90320 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000149e903b0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000149e90390 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000149e902e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000149e902d0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000149e90310 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000149e903c0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000149e903f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000149e90230 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000149e90480 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000149e903a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000149e902f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000149e90350 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000149e90290 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000149e902b0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000149e903d0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000149e90330 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000149e90410 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000149e90240 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000149e901e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000149e90250 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000149e90490 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000149e904a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000149e90300 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000149e90360 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000149e902a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000149e902c0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000149e90380 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000149e90340 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000149e90440 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000149e90260 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000149e90270 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000149e90400 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000149e901f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000149e90210 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000149e90200 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000149e90420 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000149e90430 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000149e90220 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000149e90280 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000149e90460 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000149e90450 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000149e90370 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000149e90470 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000149e903e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000149e90320 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000149e903b0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000149e90390 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000149e902e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000149e902d0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000149e90310 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000149e903c0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000149e903f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000149e90230 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000149e90480 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000149e903a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000149e902f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000149e90350 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000149e90290 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000149e902b0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000149e903d0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000149e90330 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000149e90410 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000149e90240 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000149e901e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000149e90250 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000149e90490 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000149e904a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000149e90300 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000149e90360 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000149e902a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000149e902c0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000149e90380 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000149e90340 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000149e90440 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000149e90260 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000149e90270 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000149e90400 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000149e901f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000149e90210 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000149e90200 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000149e90420 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000149e90430 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000149e90220 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000149e90280 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\winlogon.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\services.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\Explorer.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\taskhost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000100070280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2016] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075d38791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000077be0460 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000077be0450 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000077be0370 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000077be0470 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 0000000077be03e0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000077be0320 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 0000000077be03b0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000077be0390 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 0000000077be02e0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 0000000077be02d0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000077be0310 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 0000000077be03c0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 0000000077be03f0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000077be0230 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000077be0480 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 0000000077be03a0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 0000000077be02f0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000077be0350 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000077be0290 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 0000000077be02b0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 0000000077be03d0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000077be0330 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000077be0410 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000077be0240 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 0000000077be01e0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000077be0250 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000077be0490 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 0000000077be04a0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000077be0300 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000077be0360 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 0000000077be02a0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 0000000077be02c0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000077be0380 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000077be0340 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000077be0440 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000077be0260 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000077be0270 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000077be0400 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 0000000077be01f0 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000077be0210 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000077be0200 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000077be0420 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000077be0430 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000077be0220 .text C:\Windows\system32\taskhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000077be0280 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a81360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a813b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a81510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a81560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a81570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a81620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a81670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a81730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a81750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a81790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a81940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a81b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a81b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a81c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a81c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a81c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a81d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a81d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a81db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a81de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a82160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a82190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a821d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a821e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a82240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a82290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a822c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a822d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a825c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a827c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a827d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a829b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a82a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a82a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a82a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a82aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a82b80 5 bytes JMP 0000000100070280 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@FrequencyCorrectRate 4 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PollAdjustFactor 5 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LargePhaseOffset 50000000 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@SpikeWatchPeriod 900 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LocalClockDispersion 10 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@HoldPeriod 5 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PhaseCorrectRate 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@UpdateInterval 360000 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@EventLogFlags 2 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@AnnounceFlags 10 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@TimeJumpAuditOffset 28800 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MinPollInterval 10 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPollInterval 15 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxNegPhaseCorrection 54000 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPosPhaseCorrection 54000 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxAllowedPhaseOffset 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@Enabled 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@InputProvider 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@EventLogFlags 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 604800 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7c89995??????????? Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@Enabled 0 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@InputProvider 0 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@EventLogFlags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainDisable 0 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider@Enabled 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider@InputProvider 1 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider@DllName %SystemRoot%\System32\vmictimeprovider.dll Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider\Parameters Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice@Progid KLCP.WMP.ac3 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice@Progid KLCP.WMP.alac Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice@Progid KLCP.WMP.amr Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice@Progid KLCP.WMP.caf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice@Progid KLCP.WMP.dts Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice@Progid KLCP.WMP.mka Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice@Progid KLCP.WMP.mpc Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofr\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofr\UserChoice@Progid KLCP.WMP.ofr Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofs\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofs\UserChoice@Progid KLCP.WMP.ofs Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice@Progid KLCP.WMP.oga Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice@Progid KLCP.WMP.ogg Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opus\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opus\UserChoice@Progid KLCP.WMP.opus Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice@Progid KLCP.WMP.pls Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice@Progid KLCP.WMP.ra Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice@Progid KLCP.WMP.ram Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice@Progid KLCP.WMP.spx Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tak\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tak\UserChoice@Progid KLCP.WMP.tak Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice@Progid KLCP.WMP.tta Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice@Progid WMP11.AssocFile.WMD Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice@Progid WMP11.AssocFile.WMS Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice@Progid WMP11.AssocFile.WMZ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice@Progid KLCP.WMP.wv Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice@Progid ChromeHTML Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice@Progid ChromeHTML ---- EOF - GMER 2.1 ----