GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-15 21:17:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005b WDC_WD32 rev.12.0 298,09GB Running: pu7lktg5.exe; Driver: C:\Users\Olek\AppData\Local\Temp\aftcyaog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000149cf0460 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000149cf0450 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000149cf0370 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000149cf0470 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 0000000149cf03e0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000149cf0320 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 0000000149cf03b0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000149cf0390 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 0000000149cf02e0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 0000000149cf02d0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000149cf0310 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 0000000149cf03c0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 0000000149cf03f0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000149cf0230 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000149cf0480 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 0000000149cf03a0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 0000000149cf02f0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000149cf0350 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000149cf0290 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 0000000149cf02b0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 0000000149cf03d0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000149cf0330 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000149cf0410 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000149cf0240 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 0000000149cf01e0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000149cf0250 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000149cf0490 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 0000000149cf04a0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000149cf0300 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000149cf0360 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 0000000149cf02a0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 0000000149cf02c0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000149cf0380 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000149cf0340 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000149cf0440 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000149cf0260 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000149cf0270 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000149cf0400 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 0000000149cf01f0 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000149cf0210 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000149cf0200 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000149cf0420 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000149cf0430 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000149cf0220 .text C:\Windows\system32\csrss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000149cf0280 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\wininit.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000149cf0460 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000149cf0450 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000149cf0370 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000149cf0470 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 0000000149cf03e0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000149cf0320 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 0000000149cf03b0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000149cf0390 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 0000000149cf02e0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 0000000149cf02d0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000149cf0310 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 0000000149cf03c0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 0000000149cf03f0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000149cf0230 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000149cf0480 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 0000000149cf03a0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 0000000149cf02f0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000149cf0350 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000149cf0290 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 0000000149cf02b0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 0000000149cf03d0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000149cf0330 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000149cf0410 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000149cf0240 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 0000000149cf01e0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000149cf0250 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000149cf0490 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 0000000149cf04a0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000149cf0300 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000149cf0360 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 0000000149cf02a0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 0000000149cf02c0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000149cf0380 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000149cf0340 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000149cf0440 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000149cf0260 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000149cf0270 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000149cf0400 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 0000000149cf01f0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000149cf0210 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000149cf0200 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000149cf0420 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000149cf0430 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000149cf0220 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000149cf0280 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\services.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\winlogon.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\lsass.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\lsm.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\System32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\AUDIODG.EXE[368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\nvvsvc.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\taskhost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\Dwm.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\Explorer.EXE[1712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2312] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076788781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000100070280 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x09 0x5D 0xEE ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x09 0x5D 0xEE ... ---- EOF - GMER 2.1 ----