GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-03-20 18:56:24 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502IJ rev.1AA01112 465,76GB Running: mbh028s7.exe; Driver: C:\Users\Pejper\AppData\Local\Temp\uxldapob.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 000000004a5f0480 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 000000004a5f0470 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 000000004a5f0360 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 000000004a5f0490 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 000000004a5f03d0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 000000004a5f0310 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 000000004a5f03a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 000000004a5f0380 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 000000004a5f02d0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 000000004a5f02c0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0xffffffffd29c2a90} .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 000000004a5f0300 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 000000004a5f03b0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 000000004a5f0440 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 000000004a5f03e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 000000004a5f0220 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 000000004a5f04a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 000000004a5f0390 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 000000004a5f02e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 000000004a5f0340 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 000000004a5f0280 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 000000004a5f02a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0xffffffffd29c2490} .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 000000004a5f03c0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0xffffffffd29c2590} .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 000000004a5f0320 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 000000004a5f0410 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 000000004a5f0230 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 000000004a5f03f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 000000004a5f01d0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 000000004a5f0240 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 000000004a5f04b0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 000000004a5f04c0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 000000004a5f02f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 000000004a5f0350 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 000000004a5f0290 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 000000004a5f02b0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 000000004a5f0370 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 000000004a5f0330 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 000000004a5f0460 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 000000004a5f0420 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 000000004a5f0250 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0xffffffffd29c1990} .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 000000004a5f0260 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0xffffffffd29c1990} .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 000000004a5f0400 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 000000004a5f01e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 000000004a5f0200 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 000000004a5f01f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 000000004a5f0430 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 000000004a5f0450 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 000000004a5f0210 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 000000004a5f0270 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 000000004a5f0480 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 000000004a5f0470 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 000000004a5f0360 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 000000004a5f0490 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 000000004a5f03d0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 000000004a5f0310 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 000000004a5f03a0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 000000004a5f0380 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 000000004a5f02d0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 000000004a5f02c0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0xffffffffd29c2a90} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 000000004a5f0300 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 000000004a5f03b0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 000000004a5f0440 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 000000004a5f03e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 000000004a5f0220 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 000000004a5f04a0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 000000004a5f0390 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 000000004a5f02e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 000000004a5f0340 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 000000004a5f0280 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 000000004a5f02a0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0xffffffffd29c2490} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 000000004a5f03c0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0xffffffffd29c2590} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 000000004a5f0320 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 000000004a5f0410 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 000000004a5f0230 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 000000004a5f03f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 000000004a5f01d0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 000000004a5f0240 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 000000004a5f04b0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 000000004a5f04c0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 000000004a5f02f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 000000004a5f0350 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 000000004a5f0290 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 000000004a5f02b0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 000000004a5f0370 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 000000004a5f0330 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 000000004a5f0460 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 000000004a5f0420 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 000000004a5f0250 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0xffffffffd29c1990} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 000000004a5f0260 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0xffffffffd29c1990} .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 000000004a5f0400 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 000000004a5f01e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 000000004a5f0200 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 000000004a5f01f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 000000004a5f0430 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 000000004a5f0450 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 000000004a5f0210 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 000000004a5f0270 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\services.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\nvvsvc.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\nvvsvc.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\System32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074ee17fa 2 bytes CALL 76e711a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074ee1860 2 bytes CALL 76e711a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074ee1942 2 bytes JMP 778a7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074ee194d 2 bytes JMP 778acba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077781401 2 bytes JMP 76e9b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077781419 2 bytes JMP 76e9b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077781431 2 bytes JMP 76f19011 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007778144a 2 bytes CALL 76e748ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777814dd 2 bytes JMP 76f1890a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777814f5 2 bytes JMP 76f18ae0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007778150d 2 bytes JMP 76f18800 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077781525 2 bytes JMP 76f18bca C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007778153d 2 bytes JMP 76e8fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077781555 2 bytes JMP 76e96907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007778156d 2 bytes JMP 76f190c9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077781585 2 bytes JMP 76f18c2a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007778159d 2 bytes JMP 76f187c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777815b5 2 bytes JMP 76e8fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777815cd 2 bytes JMP 76e9b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777816b2 2 bytes JMP 76f18f8c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777816bd 2 bytes JMP 76f18759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\SearchIndexer.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\taskhost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\Explorer.EXE[3028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077781401 2 bytes JMP 76e9b233 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077781419 2 bytes JMP 76e9b35e C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077781431 2 bytes JMP 76f19011 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007778144a 2 bytes CALL 76e748ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000777814dd 2 bytes JMP 76f1890a C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000777814f5 2 bytes JMP 76f18ae0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007778150d 2 bytes JMP 76f18800 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077781525 2 bytes JMP 76f18bca C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007778153d 2 bytes JMP 76e8fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077781555 2 bytes JMP 76e96907 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007778156d 2 bytes JMP 76f190c9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077781585 2 bytes JMP 76f18c2a C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007778159d 2 bytes JMP 76f187c4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000777815b5 2 bytes JMP 76e8fd59 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000777815cd 2 bytes JMP 76e9b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000777816b2 2 bytes JMP 76f18f8c C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\Steam.exe[3332] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000777816bd 2 bytes JMP 76f18759 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077781401 2 bytes JMP 76e9b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077781419 2 bytes JMP 76e9b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077781431 2 bytes JMP 76f19011 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007778144a 2 bytes CALL 76e748ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777814dd 2 bytes JMP 76f1890a C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777814f5 2 bytes JMP 76f18ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007778150d 2 bytes JMP 76f18800 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077781525 2 bytes JMP 76f18bca C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007778153d 2 bytes JMP 76e8fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077781555 2 bytes JMP 76e96907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007778156d 2 bytes JMP 76f190c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077781585 2 bytes JMP 76f18c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007778159d 2 bytes JMP 76f187c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777815b5 2 bytes JMP 76e8fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777815cd 2 bytes JMP 76e9b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777816b2 2 bytes JMP 76f18f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\Pejper\AppData\Local\Akamai\netsession_win.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777816bd 2 bytes JMP 76f18759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\wbem\wmiprvse.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077781401 2 bytes JMP 76e9b233 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077781419 2 bytes JMP 76e9b35e C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077781431 2 bytes JMP 76f19011 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007778144a 2 bytes CALL 76e748ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777814dd 2 bytes JMP 76f1890a C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777814f5 2 bytes JMP 76f18ae0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007778150d 2 bytes JMP 76f18800 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077781525 2 bytes JMP 76f18bca C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007778153d 2 bytes JMP 76e8fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077781555 2 bytes JMP 76e96907 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007778156d 2 bytes JMP 76f190c9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077781585 2 bytes JMP 76f18c2a C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007778159d 2 bytes JMP 76f187c4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777815b5 2 bytes JMP 76e8fd59 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777815cd 2 bytes JMP 76e9b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777816b2 2 bytes JMP 76f18f8c C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777816bd 2 bytes JMP 76f18759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077781401 2 bytes JMP 76e9b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077781419 2 bytes JMP 76e9b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077781431 2 bytes JMP 76f19011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007778144a 2 bytes CALL 76e748ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000777814dd 2 bytes JMP 76f1890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000777814f5 2 bytes JMP 76f18ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007778150d 2 bytes JMP 76f18800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077781525 2 bytes JMP 76f18bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007778153d 2 bytes JMP 76e8fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077781555 2 bytes JMP 76e96907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007778156d 2 bytes JMP 76f190c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077781585 2 bytes JMP 76f18c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007778159d 2 bytes JMP 76f187c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000777815b5 2 bytes JMP 76e8fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000777815cd 2 bytes JMP 76e9b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000777816b2 2 bytes JMP 76f18f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4084] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000777816bd 2 bytes JMP 76f18759 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076e78791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077781401 2 bytes JMP 76e9b233 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077781419 2 bytes JMP 76e9b35e C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077781431 2 bytes JMP 76f19011 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007778144a 2 bytes CALL 76e748ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777814dd 2 bytes JMP 76f1890a C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777814f5 2 bytes JMP 76f18ae0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007778150d 2 bytes JMP 76f18800 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077781525 2 bytes JMP 76f18bca C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007778153d 2 bytes JMP 76e8fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077781555 2 bytes JMP 76e96907 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007778156d 2 bytes JMP 76f190c9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077781585 2 bytes JMP 76f18c2a C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007778159d 2 bytes JMP 76f187c4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777815b5 2 bytes JMP 76e8fd59 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777815cd 2 bytes JMP 76e9b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777816b2 2 bytes JMP 76f18f8c C:\Windows\syswow64\kernel32.dll .text D:\Program Files\AVAST Software\Avast\avastui.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777816bd 2 bytes JMP 76f18759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077781401 2 bytes JMP 76e9b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077781419 2 bytes JMP 76e9b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077781431 2 bytes JMP 76f19011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007778144a 2 bytes CALL 76e748ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777814dd 2 bytes JMP 76f1890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777814f5 2 bytes JMP 76f18ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007778150d 2 bytes JMP 76f18800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077781525 2 bytes JMP 76f18bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007778153d 2 bytes JMP 76e8fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077781555 2 bytes JMP 76e96907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007778156d 2 bytes JMP 76f190c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077781585 2 bytes JMP 76f18c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007778159d 2 bytes JMP 76f187c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777815b5 2 bytes JMP 76e8fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777815cd 2 bytes JMP 76e9b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777816b2 2 bytes JMP 76f18f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777816bd 2 bytes JMP 76f18759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000000070480 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000000070360 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000000070490 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000000070310 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000000070380 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 00000000000702c0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0xffffffff88442a90} .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000000070300 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000000070220 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000000070390 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000000070340 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000000070280 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 00000000000702a0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0xffffffff88442490} .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 00000000000703c0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0xffffffff88442590} .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000000070320 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000000070410 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000000070230 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000000070240 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000000070290 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000000070420 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000000070250 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0xffffffff88441990} .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000000070260 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0xffffffff88441990} .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000000070200 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000000070430 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000000070450 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000000070210 .text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c2d460 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c2d4b0 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c2d610 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c2d660 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c2d670 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c2d720 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c2d750 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c2d770 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c2d7b0 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c2d830 1 byte JMP 0000000077d902c0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c2d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c2d850 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c2d890 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c2d8d0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c2d8e0 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c2da40 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c2dc00 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c2dc30 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c2dd10 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c2dd20 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c2dd80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c2de10 1 byte JMP 0000000077d902a0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c2de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c2de30 1 byte JMP 0000000077d903c0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c2de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c2de40 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c2deb0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c2dee0 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077c2e080 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c2e1a0 5 bytes JMP 0000000077d901d0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c2e260 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c2e290 5 bytes JMP 0000000077d904b0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c2e2a0 5 bytes JMP 0000000077d904c0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c2e2d0 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c2e2e0 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c2e340 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c2e390 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c2e3c0 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c2e3d0 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c2e6c0 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077c2e820 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c2e8c0 1 byte JMP 0000000077d90250 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c2e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c2e8d0 1 byte JMP 0000000077d90260 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c2e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c2e8e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c2eaa0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c2eab0 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c2eb20 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c2eb80 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c2eb90 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c2eba0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\AUDIODG.EXE[3400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c2ec80 5 bytes JMP 0000000077d90270 ---- EOF - GMER 2.2 ----