GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-09 15:18:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: 3qvfnx0o.exe; Driver: C:\Users\Janina\AppData\Local\Temp\axldrpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 000000014a4a0460 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 000000014a4a0450 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 000000014a4a0370 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 000000014a4a0470 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 000000014a4a03e0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 000000014a4a0320 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 000000014a4a03b0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 000000014a4a0390 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 000000014a4a02e0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 000000014a4a02d0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 000000014a4a0310 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 000000014a4a03c0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 000000014a4a03f0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 000000014a4a0230 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 000000014a4a0480 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 000000014a4a03a0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 000000014a4a02f0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 000000014a4a0350 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 000000014a4a0290 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 000000014a4a02b0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 000000014a4a03d0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 000000014a4a0330 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 000000014a4a0410 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 000000014a4a0240 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 000000014a4a01e0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 000000014a4a0250 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 000000014a4a0490 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 000000014a4a04a0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 000000014a4a0300 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 000000014a4a0360 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 000000014a4a02a0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 000000014a4a02c0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 000000014a4a0380 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 000000014a4a0340 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 000000014a4a0440 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 000000014a4a0260 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 000000014a4a0270 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 000000014a4a0400 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 000000014a4a01f0 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 000000014a4a0210 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 000000014a4a0200 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 000000014a4a0420 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 000000014a4a0430 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 000000014a4a0220 .text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 000000014a4a0280 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\wininit.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 000000014a4a0460 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 000000014a4a0450 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 000000014a4a0370 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 000000014a4a0470 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 000000014a4a03e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 000000014a4a0320 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 000000014a4a03b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 000000014a4a0390 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 000000014a4a02e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 000000014a4a02d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 000000014a4a0310 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 000000014a4a03c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 000000014a4a03f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 000000014a4a0230 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 000000014a4a0480 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 000000014a4a03a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 000000014a4a02f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 000000014a4a0350 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 000000014a4a0290 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 000000014a4a02b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 000000014a4a03d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 000000014a4a0330 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 000000014a4a0410 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 000000014a4a0240 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 000000014a4a01e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 000000014a4a0250 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 000000014a4a0490 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 000000014a4a04a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 000000014a4a0300 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 000000014a4a0360 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 000000014a4a02a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 000000014a4a02c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 000000014a4a0380 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 000000014a4a0340 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 000000014a4a0440 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 000000014a4a0260 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 000000014a4a0270 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 000000014a4a0400 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 000000014a4a01f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 000000014a4a0210 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 000000014a4a0200 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 000000014a4a0420 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 000000014a4a0430 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 000000014a4a0220 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 000000014a4a0280 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\AUDIODG.EXE[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\atieclxx.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\FBAgent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\System32\spoolsv.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\svchost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\taskeng.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Program Files\Elantech\ETDCtrl.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2900] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074a78769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\SearchIndexer.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Windows\system32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ecdc80 5 bytes JMP 0000000077030460 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ecdcd0 5 bytes JMP 0000000077030450 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ecde30 5 bytes JMP 0000000077030370 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ecde80 5 bytes JMP 0000000077030470 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ecde90 5 bytes JMP 00000000770303e0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ecdf40 5 bytes JMP 0000000077030320 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdf70 5 bytes JMP 00000000770303b0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ecdf90 5 bytes JMP 0000000077030390 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ecdfd0 5 bytes JMP 00000000770302e0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ece050 5 bytes JMP 00000000770302d0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ece070 5 bytes JMP 0000000077030310 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ece0b0 5 bytes JMP 00000000770303c0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ece100 5 bytes JMP 00000000770303f0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ece260 5 bytes JMP 0000000077030230 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ece420 5 bytes JMP 0000000077030480 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ece450 5 bytes JMP 00000000770303a0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ece530 5 bytes JMP 00000000770302f0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ece540 5 bytes JMP 0000000077030350 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ece5a0 5 bytes JMP 0000000077030290 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ece630 5 bytes JMP 00000000770302b0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece650 5 bytes JMP 00000000770303d0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ece660 5 bytes JMP 0000000077030330 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ece6d0 5 bytes JMP 0000000077030410 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ece700 5 bytes JMP 0000000077030240 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ece9c0 5 bytes JMP 00000000770301e0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ecea80 5 bytes JMP 0000000077030250 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076eceab0 5 bytes JMP 0000000077030490 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076eceac0 5 bytes JMP 00000000770304a0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076eceaf0 5 bytes JMP 0000000077030300 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076eceb00 5 bytes JMP 0000000077030360 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076eceb60 5 bytes JMP 00000000770302a0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ecebb0 5 bytes JMP 00000000770302c0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ecebe0 5 bytes JMP 0000000077030380 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ecebf0 5 bytes JMP 0000000077030340 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076eceee0 5 bytes JMP 0000000077030440 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ecf0e0 5 bytes JMP 0000000077030260 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ecf0f0 5 bytes JMP 0000000077030270 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ecf100 5 bytes JMP 0000000077030400 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ecf2c0 5 bytes JMP 00000000770301f0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ecf2d0 5 bytes JMP 0000000077030210 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ecf340 5 bytes JMP 0000000077030200 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ecf3a0 5 bytes JMP 0000000077030420 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ecf3b0 5 bytes JMP 0000000077030430 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ecf3c0 5 bytes JMP 0000000077030220 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ecf4a0 5 bytes JMP 0000000077030280 ---- EOF - GMER 2.1 ----