GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-17 10:55:32 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LT0 rev.0001 465,76GB Running: 4sy1zecm.exe; Driver: C:\Users\User\AppData\Local\Temp\kgddypod.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\windows\System32\win32k.sys!EngSetLastError + 608 fffff960000b5870 8 bytes [7C, D7, 10, 03, 80, F8, FF, ...] .text C:\windows\System32\win32k.sys!W32pServiceTable fffff960000e5000 7 bytes [C0, 82, F3, FF, C1, 91, F0] .text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000e5008 3 bytes [C0, 06, 02] .text ... * 106 .text C:\windows\System32\win32k.sys!EngGetProcessHandle + 400 fffff960001ad0e0 6 bytes {JMP QWORD [RIP+0x66576]} ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000149c80460 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000149c80450 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000149c80370 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000149c80470 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000149c803e0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000149c80320 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000149c803b0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000149c80390 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000149c802e0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000149c802d0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000149c80310 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000149c803c0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000149c803f0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000149c80230 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000149c80480 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000149c803a0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000149c802f0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000149c80350 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000149c80290 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000149c802b0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000149c803d0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000149c80330 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000149c80410 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000149c80240 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000149c801e0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000149c80250 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000149c80490 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000149c804a0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000149c80300 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000149c80360 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000149c802a0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000149c802c0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000149c80380 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000149c80340 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000149c80440 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000149c80260 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000149c80270 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000149c80400 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000149c801f0 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000149c80210 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000149c80200 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000149c80420 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000149c80430 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000149c80220 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000149c80280 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\wininit.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000149c80460 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000149c80450 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000149c80370 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000149c80470 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000149c803e0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000149c80320 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000149c803b0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000149c80390 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000149c802e0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000149c802d0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000149c80310 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000149c803c0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000149c803f0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000149c80230 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000149c80480 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000149c803a0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000149c802f0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000149c80350 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000149c80290 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000149c802b0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000149c803d0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000149c80330 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000149c80410 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000149c80240 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000149c801e0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000149c80250 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000149c80490 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000149c804a0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000149c80300 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000149c80360 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000149c802a0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000149c802c0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000149c80380 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000149c80340 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000149c80440 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000149c80260 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000149c80270 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000149c80400 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000149c801f0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000149c80210 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000149c80200 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000149c80420 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000149c80430 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000149c80220 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000149c80280 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\services.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\lsass.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\lsm.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\winlogon.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\svchost.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000100070460 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000100070450 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000100070370 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000100070470 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 00000001000703e0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000100070320 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 00000001000703b0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000100070390 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 00000001000702d0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000100070310 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 00000001000703c0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 00000001000703f0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000100070230 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000100070480 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 00000001000703a0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 00000001000702f0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000100070350 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000100070290 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 00000001000702b0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 00000001000703d0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000100070330 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000100070410 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000100070240 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000100070250 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000100070490 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 00000001000704a0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000100070300 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000100070360 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 00000001000702a0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 00000001000702c0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000100070380 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000100070340 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000100070440 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000100070260 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000100070270 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000100070400 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000100070200 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000100070420 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000100070430 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000100070220 .text C:\windows\System32\svchost.exe[428] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000100070280 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[868] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000100070280 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\atieclxx.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\System32\spoolsv.exe[1452] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\svchost.exe[1552] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000100070460 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000100070450 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000100070370 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000100070470 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 00000001000703e0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000100070320 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 00000001000703b0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000100070390 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 00000001000702e0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 00000001000702d0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000100070310 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 00000001000703c0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 00000001000703f0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000100070230 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000100070480 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 00000001000703a0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 00000001000702f0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000100070350 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000100070290 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 00000001000702b0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 00000001000703d0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000100070330 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000100070410 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000100070240 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000100070250 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000100070490 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000100070300 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000100070360 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 00000001000702a0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 00000001000702c0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000100070380 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000100070340 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000100070440 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000100070260 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000100070270 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000100070400 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000100070210 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000100070200 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000100070420 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000100070430 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000100070220 .text C:\Program Files\COMODO\PC TuneUP\CPluginService.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000100070280 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\System32\svchost.exe[1748] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\taskhost.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\Dwm.exe[1840] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000100070460 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000100070450 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000100070370 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000100070470 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 00000001000703e0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000100070320 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 00000001000703b0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000100070390 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 00000001000702e0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 00000001000702d0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000100070310 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 00000001000703c0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 00000001000703f0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000100070230 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000100070480 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 00000001000703a0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 00000001000702f0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000100070350 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000100070290 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 00000001000702b0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 00000001000703d0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000100070330 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000100070410 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000100070240 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 00000001000701e0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000100070250 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000100070490 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 00000001000704a0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000100070300 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000100070360 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 00000001000702a0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 00000001000702c0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000100070380 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000100070340 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000100070440 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000100070260 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000100070270 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000100070400 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 00000001000701f0 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000100070210 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000100070200 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000100070420 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000100070430 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000100070220 .text C:\windows\Explorer.EXE[1812] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000100070280 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\Windows\System32\igfxtray.exe[2492] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\Windows\System32\hkcmd.exe[2516] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\Windows\System32\igfxpers.exe[2576] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\system32\SearchIndexer.exe[2832] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2968] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000760e8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bfda60 5 bytes JMP 0000000077d60460 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bfdab0 5 bytes JMP 0000000077d60450 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfdc10 5 bytes JMP 0000000077d60370 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bfdc60 5 bytes JMP 0000000077d60470 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bfdc70 5 bytes JMP 0000000077d603e0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bfdd20 5 bytes JMP 0000000077d60320 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bfdd50 5 bytes JMP 0000000077d603b0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bfdd70 5 bytes JMP 0000000077d60390 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bfddb0 5 bytes JMP 0000000077d602e0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bfde30 5 bytes JMP 0000000077d602d0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bfde50 5 bytes JMP 0000000077d60310 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bfde90 5 bytes JMP 0000000077d603c0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bfdee0 5 bytes JMP 0000000077d603f0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bfe040 5 bytes JMP 0000000077d60230 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bfe200 5 bytes JMP 0000000077d60480 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bfe230 5 bytes JMP 0000000077d603a0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bfe310 5 bytes JMP 0000000077d602f0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bfe320 5 bytes JMP 0000000077d60350 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bfe380 5 bytes JMP 0000000077d60290 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bfe410 5 bytes JMP 0000000077d602b0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bfe430 5 bytes JMP 0000000077d603d0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bfe440 5 bytes JMP 0000000077d60330 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bfe4b0 5 bytes JMP 0000000077d60410 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bfe4e0 5 bytes JMP 0000000077d60240 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bfe7a0 5 bytes JMP 0000000077d601e0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bfe860 5 bytes JMP 0000000077d60250 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bfe890 5 bytes JMP 0000000077d60490 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bfe8a0 5 bytes JMP 0000000077d604a0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bfe8d0 5 bytes JMP 0000000077d60300 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bfe8e0 5 bytes JMP 0000000077d60360 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bfe940 5 bytes JMP 0000000077d602a0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bfe990 5 bytes JMP 0000000077d602c0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfe9c0 5 bytes JMP 0000000077d60380 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bfe9d0 5 bytes JMP 0000000077d60340 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bfecc0 5 bytes JMP 0000000077d60440 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bfeec0 5 bytes JMP 0000000077d60260 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bfeed0 5 bytes JMP 0000000077d60270 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bfeee0 5 bytes JMP 0000000077d60400 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bff0a0 5 bytes JMP 0000000077d601f0 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bff0b0 5 bytes JMP 0000000077d60210 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bff120 5 bytes JMP 0000000077d60200 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bff180 5 bytes JMP 0000000077d60420 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bff190 5 bytes JMP 0000000077d60430 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bff1a0 5 bytes JMP 0000000077d60220 .text C:\windows\explorer.exe[3328] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bff280 5 bytes JMP 0000000077d60280 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\642737c73ce3 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737c73ce3 Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\642737c73ce3 (not active ControlSet) ---- EOF - GMER 2.1 ----