GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-07 14:50:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005a WDC_WD50 rev.12.0 465,76GB Running: h0tm6fqv.exe; Driver: C:\Users\gumiok\AppData\Local\Temp\pxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 000000014a1b0460 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 000000014a1b0450 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 000000014a1b0370 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 000000014a1b0470 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 000000014a1b03e0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 000000014a1b0320 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 000000014a1b03b0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 000000014a1b0390 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 000000014a1b02e0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 000000014a1b02d0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 000000014a1b0310 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 000000014a1b03c0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 000000014a1b03f0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 000000014a1b0230 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 000000014a1b0480 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 000000014a1b03a0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 000000014a1b02f0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 000000014a1b0350 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 000000014a1b0290 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 000000014a1b02b0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 000000014a1b03d0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 000000014a1b0330 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 000000014a1b0410 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 000000014a1b0240 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 000000014a1b01e0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 000000014a1b0250 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 000000014a1b0490 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 000000014a1b04a0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 000000014a1b0300 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 000000014a1b0360 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 000000014a1b02a0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 000000014a1b02c0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 000000014a1b0380 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 000000014a1b0340 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 000000014a1b0440 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 000000014a1b0260 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 000000014a1b0270 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 000000014a1b0400 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 000000014a1b01f0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 000000014a1b0210 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 000000014a1b0200 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 000000014a1b0420 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 000000014a1b0430 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 000000014a1b0220 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 000000014a1b0280 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 000000014a1b0460 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 000000014a1b0450 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 000000014a1b0370 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 000000014a1b0470 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 000000014a1b03e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 000000014a1b0320 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 000000014a1b03b0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 000000014a1b0390 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 000000014a1b02e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 000000014a1b02d0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 000000014a1b0310 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 000000014a1b03c0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 000000014a1b03f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 000000014a1b0230 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 000000014a1b0480 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 000000014a1b03a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 000000014a1b02f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 000000014a1b0350 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 000000014a1b0290 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 000000014a1b02b0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 000000014a1b03d0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 000000014a1b0330 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 000000014a1b0410 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 000000014a1b0240 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 000000014a1b01e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 000000014a1b0250 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 000000014a1b0490 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 000000014a1b04a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 000000014a1b0300 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 000000014a1b0360 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 000000014a1b02a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 000000014a1b02c0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 000000014a1b0380 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 000000014a1b0340 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 000000014a1b0440 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 000000014a1b0260 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 000000014a1b0270 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 000000014a1b0400 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 000000014a1b01f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 000000014a1b0210 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 000000014a1b0200 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 000000014a1b0420 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 000000014a1b0430 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 000000014a1b0220 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 000000014a1b0280 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000100070280 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\AUDIODG.EXE[380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\System32\spoolsv.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\taskhost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\svchost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000100070310 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000100070230 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000100070480 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000100070350 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000100070290 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000100070330 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000100070200 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000100070420 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000100070430 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\taskeng.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000100070310 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000100070230 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000100070480 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000100070350 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000100070290 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000100070330 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000100070200 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000100070420 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000100070430 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\taskeng.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000100070280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2412] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076038781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Program Files\CCleaner\CCleaner64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000077de0460 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000077de0450 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000077de0370 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000077de0470 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 0000000077de03e0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000077de0320 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 0000000077de03b0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000077de0390 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 0000000077de02e0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 0000000077de02d0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000077de0310 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 0000000077de03c0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 0000000077de03f0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000077de0230 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000077de0480 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 0000000077de03a0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 0000000077de02f0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000077de0350 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000077de0290 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 0000000077de02b0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 0000000077de03d0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000077de0330 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000077de0410 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000077de0240 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000077de0250 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000077de0490 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 0000000077de04a0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000077de0300 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000077de0360 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 0000000077de02a0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 0000000077de02c0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000077de0380 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000077de0340 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000077de0440 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000077de0260 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000077de0270 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000077de0400 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000077de0210 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000077de0200 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000077de0420 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000077de0430 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000077de0220 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000077de0280 .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7605b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7605b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 760d8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 7603489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 760d8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 760d89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 760d8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 760d8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7604fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765b1555 2 bytes JMP 760568ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 760d8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 760d8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 760d86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7604fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7605b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 760d8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 760d8671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c7dc60 5 bytes JMP 0000000100060460 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c7dcb0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c7de10 5 bytes JMP 0000000100060370 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c7de60 5 bytes JMP 0000000100060470 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c7de70 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c7df20 5 bytes JMP 0000000100060320 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c7df50 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c7df70 5 bytes JMP 0000000100060390 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c7dfb0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c7e030 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c7e050 5 bytes JMP 0000000100060310 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c7e090 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c7e0e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c7e240 5 bytes JMP 0000000100060230 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c7e400 5 bytes JMP 0000000100060480 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c7e430 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c7e510 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c7e520 5 bytes JMP 0000000100060350 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c7e580 5 bytes JMP 0000000100060290 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c7e610 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c7e630 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c7e640 5 bytes JMP 0000000100060330 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c7e6b0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c7e6e0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c7e9a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c7ea60 5 bytes JMP 0000000100060250 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c7ea90 5 bytes JMP 0000000100060490 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c7eaa0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c7ead0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c7eae0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c7eb40 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c7eb90 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c7ebc0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c7ebd0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c7eec0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c7f0c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c7f0d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c7f0e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c7f2a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c7f2b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c7f320 5 bytes JMP 0000000100060200 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c7f380 5 bytes JMP 0000000100060420 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c7f390 5 bytes JMP 0000000100060430 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c7f3a0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\SearchProtocolHost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c7f480 5 bytes JMP 0000000100060280 ---- Files - GMER 2.1 ---- File C:\Windows\System32\LogFiles\Scm\a58f8753-4f06-4bb5-8b1f-732dd2dd9a26 20 bytes ---- EOF - GMER 2.1 ----