GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-07 16:49:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD10EZEX-19M2NA0 rev.01.01A01 931,51GB Running: c58yt2b8.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\fxrdqpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\wininit.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 00000001498d0460 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 00000001498d0450 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 00000001498d0370 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 00000001498d0470 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 00000001498d03e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 00000001498d0320 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 00000001498d03b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 00000001498d0390 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 00000001498d02e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 00000001498d02d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 00000001498d0310 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 00000001498d03c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 00000001498d03f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 00000001498d0230 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 00000001498d0480 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 00000001498d03a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 00000001498d02f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 00000001498d0350 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 00000001498d0290 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 00000001498d02b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 00000001498d03d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 00000001498d0330 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 00000001498d0410 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 00000001498d0240 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 00000001498d01e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 00000001498d0250 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 00000001498d0490 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 00000001498d04a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 00000001498d0300 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 00000001498d0360 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 00000001498d02a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 00000001498d02c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 00000001498d0380 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 00000001498d0340 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 00000001498d0440 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 00000001498d0260 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 00000001498d0270 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 00000001498d0400 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 00000001498d01f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 00000001498d0210 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 00000001498d0200 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 00000001498d0420 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 00000001498d0430 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 00000001498d0220 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 00000001498d0280 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\svchost.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\AUDIODG.EXE[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\Ati2evxx.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\taskhost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\Explorer.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text E:\Program Files\AVAST Software\Avast\avastui.exe[244] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076128769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000100070280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6dc80 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6dcd0 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6de30 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6de80 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6de90 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6df40 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6df70 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6df90 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6dfd0 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6e050 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6e070 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6e0b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6e100 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6e260 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6e420 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6e450 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6e530 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6e540 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6e5a0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6e630 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6e650 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6e660 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6e6d0 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6e700 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6e9c0 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6ea80 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6eab0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6eac0 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6eaf0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6eb00 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6eb60 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6ebb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6ebe0 5 bytes JMP 0000000077cd0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6ebf0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6eee0 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6f0e0 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6f0f0 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6f100 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6f2c0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6f2d0 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6f340 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6f3a0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6f3b0 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6f3c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6f4a0 5 bytes JMP 0000000077cd0280 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 7176 ---- EOF - GMER 2.1 ----