GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-11 18:46:23 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000077 WDC_WD75 rev.01.0 698,64GB Running: gmer.exe; Driver: C:\Users\Pc\AppData\Local\Temp\uglcraoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88000dcec34 12 bytes {MOV RAX, 0xfffffa80051db2a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 000000014a130460 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 000000014a130450 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 000000014a130370 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 000000014a130470 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 000000014a1303e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 000000014a130320 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 000000014a1303b0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 000000014a130390 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 000000014a1302e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 000000014a1302d0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 000000014a130310 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 000000014a1303c0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 000000014a1303f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 000000014a130230 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0xffffffffd25ee890} .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 000000014a130480 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 000000014a1303a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 000000014a1302f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 000000014a130350 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 000000014a130290 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 000000014a1302b0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 000000014a1303d0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 000000014a130330 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0xffffffffd25ee590} .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 000000014a130410 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 000000014a130240 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 000000014a1301e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 000000014a130250 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0xffffffffd25ee090} .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 000000014a130490 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 000000014a1304a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 000000014a130300 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 000000014a130360 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 000000014a1302a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 000000014a1302c0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 000000014a130380 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 000000014a130340 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 000000014a130440 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 000000014a130260 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 000000014a130270 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 000000014a130400 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 000000014a1301f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 000000014a130210 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 000000014a130200 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 000000014a130420 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 000000014a130430 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 000000014a130220 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 000000014a130280 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 000000014a130460 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 000000014a130450 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 000000014a130370 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 000000014a130470 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 000000014a1303e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 000000014a130320 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 000000014a1303b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 000000014a130390 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 000000014a1302e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 000000014a1302d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 000000014a130310 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 000000014a1303c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 000000014a1303f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 000000014a130230 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0xffffffffd25ee890} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 000000014a130480 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 000000014a1303a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 000000014a1302f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 000000014a130350 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 000000014a130290 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 000000014a1302b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 000000014a1303d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 000000014a130330 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0xffffffffd25ee590} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 000000014a130410 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 000000014a130240 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 000000014a1301e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 000000014a130250 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0xffffffffd25ee090} .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 000000014a130490 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 000000014a1304a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 000000014a130300 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 000000014a130360 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 000000014a1302a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 000000014a1302c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 000000014a130380 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 000000014a130340 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 000000014a130440 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 000000014a130260 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 000000014a130270 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 000000014a130400 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 000000014a1301f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 000000014a130210 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 000000014a130200 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 000000014a130420 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 000000014a130430 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 000000014a130220 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 000000014a130280 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0xffffffff8852e890} .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0xffffffff8852e590} .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0xffffffff8852e090} .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0xffffffff8852e890} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0xffffffff8852e590} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0xffffffff8852e090} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\nvvsvc.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0xffffffff8852e890} .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0xffffffff8852e590} .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0xffffffff8852e090} .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072f41a22 2 bytes [F4, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072f41ad0 2 bytes [F4, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072f41b08 2 bytes [F4, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072f41bba 2 bytes [F4, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072f41bda 2 bytes [F4, 72] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\SearchIndexer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000100070460 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000100070450 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000100070370 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000100070470 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 00000001000703e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000100070320 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 00000001000703b0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000100070390 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 00000001000702e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 00000001000702d0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000100070310 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 00000001000703c0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 00000001000703f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000100070230 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0xffffffff8852e890} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000100070480 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 00000001000703a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 00000001000702f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000100070350 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000100070290 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 00000001000702b0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 00000001000703d0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000100070330 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0xffffffff8852e590} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000100070410 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000100070240 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 00000001000701e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000100070250 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0xffffffff8852e090} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000100070490 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 00000001000704a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000100070300 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000100070360 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 00000001000702a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 00000001000702c0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000100070380 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000100070340 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000100070440 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000100070260 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000100070270 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000100070400 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 00000001000701f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000100070210 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000100070200 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000100070420 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000100070430 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000100070220 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000100070280 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\svchost.exe[3580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\taskhost.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\Dwm.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077b292a0 7 bytes JMP 000000016fff0158 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077b41480 8 bytes JMP 000000016fff01b0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\Explorer.EXE[972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000100070460 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000100070450 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000100070370 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000100070470 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 00000001000703e0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000100070320 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 00000001000703b0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000100070390 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 00000001000702e0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 00000001000702d0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000100070310 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 00000001000703c0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 00000001000703f0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000100070230 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0xffffffff8852e890} .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000100070480 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 00000001000703a0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 00000001000702f0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000100070350 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000100070290 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 00000001000702b0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 00000001000703d0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000100070330 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0xffffffff8852e590} .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000100070410 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000100070240 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 00000001000701e0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000100070250 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0xffffffff8852e090} .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000100070490 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 00000001000704a0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000100070300 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000100070360 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 00000001000702a0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 00000001000702c0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000100070380 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000100070340 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000100070440 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000100070260 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000100070270 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000100070400 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 00000001000701f0 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000100070210 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000100070200 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000100070420 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000100070430 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000100070220 .text C:\Windows\WindowsMobile\wmdc.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000100070280 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Users\Pc\AppData\Local\Akamai\netsession_win.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ea1465 2 bytes [EA, 75] .text C:\Users\Pc\AppData\Local\Akamai\netsession_win.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ea14bb 2 bytes [EA, 75] .text ... * 2 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\CCleaner\CCleaner64.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\RunDll32.exe[4296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\RunDll32.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4948] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000764287c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ea1465 2 bytes [EA, 75] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ea14bb 2 bytes [EA, 75] .text ... * 2 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b413c0 5 bytes JMP 0000000077ca0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b41410 5 bytes JMP 0000000077ca0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41570 5 bytes JMP 0000000077ca0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b415c0 5 bytes JMP 0000000077ca0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b415d0 5 bytes JMP 0000000077ca03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41680 5 bytes JMP 0000000077ca0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b416b0 5 bytes JMP 0000000077ca03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b416d0 5 bytes JMP 0000000077ca0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b41710 5 bytes JMP 0000000077ca02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41790 5 bytes JMP 0000000077ca02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b417b0 5 bytes JMP 0000000077ca0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b417f0 5 bytes JMP 0000000077ca03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b41840 5 bytes JMP 0000000077ca03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b419a0 1 byte JMP 0000000077ca0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b419a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b60 5 bytes JMP 0000000077ca0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b90 5 bytes JMP 0000000077ca03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c70 5 bytes JMP 0000000077ca02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c80 5 bytes JMP 0000000077ca0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41ce0 5 bytes JMP 0000000077ca0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d70 5 bytes JMP 0000000077ca02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d90 5 bytes JMP 0000000077ca03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41da0 1 byte JMP 0000000077ca0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b41da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41e10 5 bytes JMP 0000000077ca0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41e40 5 bytes JMP 0000000077ca0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b42100 5 bytes JMP 0000000077ca01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b421c0 1 byte JMP 0000000077ca0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b421c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b421f0 5 bytes JMP 0000000077ca0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b42200 5 bytes JMP 0000000077ca04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b42230 5 bytes JMP 0000000077ca0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b42240 5 bytes JMP 0000000077ca0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b422a0 5 bytes JMP 0000000077ca02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b422f0 5 bytes JMP 0000000077ca02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b42320 5 bytes JMP 0000000077ca0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b42330 5 bytes JMP 0000000077ca0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b42620 5 bytes JMP 0000000077ca0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b42820 5 bytes JMP 0000000077ca0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b42830 5 bytes JMP 0000000077ca0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b42840 5 bytes JMP 0000000077ca0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b42a00 5 bytes JMP 0000000077ca01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b42a10 5 bytes JMP 0000000077ca0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a80 5 bytes JMP 0000000077ca0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42ae0 5 bytes JMP 0000000077ca0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42af0 5 bytes JMP 0000000077ca0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42b00 5 bytes JMP 0000000077ca0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42be0 5 bytes JMP 0000000077ca0280 .text C:\Program Files (x86)\TDataDld\TData.exe[7452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ea1465 2 bytes [EA, 75] .text C:\Program Files (x86)\TDataDld\TData.exe[7452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ea14bb 2 bytes [EA, 75] .text ... * 2 .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe[1020] C:\Windows\syswow64\kernel32.dll!DeleteFileA 0000000076425444 5 bytes JMP 0000000130076c25 .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe[1020] C:\Windows\syswow64\kernel32.dll!DeleteFileW 00000000764289b3 5 bytes JMP 0000000130076b5c .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe[1020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ea1465 2 bytes [EA, 75] .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe[1020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ea14bb 2 bytes [EA, 75] .text ... * 2 .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe[544] C:\Windows\SysWOW64\ntdll.dll!KiUserCallbackDispatcher 0000000077ce00ec 7 bytes JMP 0000000168a53d00 .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe[544] C:\Windows\SysWOW64\ntdll.dll!RtlProcessFlsData 0000000077d099a7 5 bytes JMP 0000000168783dde .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe[544] C:\Windows\SysWOW64\ntdll.dll!RtlPcToFileHeader 0000000077d10093 7 bytes JMP 0000000168783e18 .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe[544] C:\Windows\SysWOW64\ntdll.dll!RtlExitUserProcess 0000000077d28de8 5 bytes JMP 0000000168783d7d .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe[544] C:\Windows\SysWOW64\ntdll.dll!LdrShutdownProcess 0000000077d28e79 7 bytes JMP 0000000168783ead .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe[544] C:\Windows\SysWOW64\ntdll.dll!LdrShutdownThread 0000000077d2d2f9 7 bytes JMP 0000000168783f25 .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe[544] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 000000007642495d 5 bytes JMP 0000000168783d2e .text C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe[544] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000764287c9 5 bytes [33, C0, C2, 04, 00] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800104cf1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800104ccc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800104d69c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800104da98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800104d8f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef99c741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef99c5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef99c5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef99c5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef99c7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef99c6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef99c6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef99c7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef99c7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef99c78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef99c4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef99c5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[624] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef99c7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort0 fffffa8003d862c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa8003d862c0 Device \Driver\aasmwt3e \Device\Scsi\aasmwt3e1 fffffa80054e32c0 Device \Driver\aasmwt3e \Device\Scsi\aasmwt3e1Port4Path0Target0Lun0 fffffa80054e32c0 Device \FileSystem\Ntfs \Ntfs fffffa8003d942c0 Device \Driver\nvstor64 \Device\00000078 fffffa8003d902c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8003ca72c0 Device \Driver\nvstor64 \Device\RaidPort0 fffffa8003d902c0 Device \Driver\cdrom \Device\CdRom0 fffffa80050742c0 Device \Driver\nvstor64 \Device\RaidPort1 fffffa8003d902c0 Device \Driver\cdrom \Device\CdRom1 fffffa80050742c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{076679A5-D520-4A04-B110-687C6B46D5FD} fffffa8004eb02c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa80052fe2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1479CA50-6402-4B28-BF27-F3CCD31D0EEF} fffffa8004eb02c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8003ca72c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004eb02c0 Device \Driver\nvstor64 \Device\00000077 fffffa8003d902c0 Device \Driver\atapi \Device\ScsiPort0 fffffa8003d862c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa80052fe2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa8003d862c0 Device \Driver\nvstor64 \Device\ScsiPort2 fffffa8003d902c0 Device \Driver\nvstor64 \Device\ScsiPort3 fffffa8003d902c0 Device \Driver\aasmwt3e \Device\ScsiPort4 fffffa80054e32c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003d902c0]<< sptd.sys storport.sys hal.dll nvstor64.sys fffffa8003d902c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d5a060] fffffa8004d5a060 Trace 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8003df7ca0] fffffa8003df7ca0 Trace 5 ACPI.sys[fffff8800119e7a1] -> nt!IofCallDriver -> \Device\00000077[0xfffffa8003dee060] fffffa8003dee060 Trace \Driver\nvstor64[0xfffffa8003df0e70] -> IRP_MJ_CREATE -> 0xfffffa8003d902c0 fffffa8003d902c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\aasmwt3e.SYS fffff88004f1b000-fffff88004f6a000 (323584 bytes) ---- Services - GMER 2.1 ---- Service C:\Windows\system32\drivers\bsdriver.sys (*** hidden *** ) [SYSTEM] bsdriver <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x6B 0x84 0x1D ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x51 0x04 0x89 0xDD ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x54 0x47 0x19 0x95 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????w\??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files (x86)\Steam\bin\steamwebhelper.exe|Name=Steam Web Helper|?u?a??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files (x86)\Steam\bin\steamwebhelper.exe|Name=Steam Web Helper|?????*??????i?????????n????Port_#0006.Hub_#0002?0???????????i??????????????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@%SystemRoot%\System32\wshqos.dll,-101??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\pc\appdata\local\akamai\netsession_win.exe|Name=netsession_win Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver@ImagePath \??\C:\Windows\system32\drivers\bsdriver.sys Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver@DisplayName bsdriver Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver@Group Base Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver\Instances@DefaultInstance bsdriver Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver\Instances\bsdriver Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver\Instances\bsdriver@Altitude 333111 Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver\Instances\bsdriver@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\bsdriver Reg HKLM\SYSTEM\ControlSet003\services\bsdriver@Type 1 Reg HKLM\SYSTEM\ControlSet003\services\bsdriver@Start 1 Reg HKLM\SYSTEM\ControlSet003\services\bsdriver@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet003\services\bsdriver@ImagePath \??\C:\Windows\system32\drivers\bsdriver.sys Reg HKLM\SYSTEM\ControlSet003\services\bsdriver@DisplayName bsdriver Reg HKLM\SYSTEM\ControlSet003\services\bsdriver@Group Base Reg HKLM\SYSTEM\ControlSet003\services\bsdriver\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\bsdriver\Instances@DefaultInstance bsdriver Reg HKLM\SYSTEM\ControlSet003\services\bsdriver\Instances\bsdriver (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\bsdriver\Instances\bsdriver@Altitude 333111 Reg HKLM\SYSTEM\ControlSet003\services\bsdriver\Instances\bsdriver@Flags 0 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Games\Battlefield 3\x2122\Core\EAProxyInstaller.exe 1 ---- EOF - GMER 2.1 ----