GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-11-28 08:45:52 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-80JJ5T0 rev.01.01A01 298,09GB Running: m57g1hli.exe; Driver: D:\Users\Miski\AppData\Local\Temp\uwddikow.sys ---- User code sections - GMER 2.1 ---- .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000100120460 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000100120450 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000100120370 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000100120470 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000001001203e0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000100120320 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000001001203b0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000100120390 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000001001202e0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000001001202d0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000100120310 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000001001203c0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000001001203f0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000100120230 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000100120480 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000001001203a0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000001001202f0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000100120350 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000100120290 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000001001202b0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000001001203d0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000100120330 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000100120410 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000100120240 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000001001201e0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000100120250 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000100120490 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000001001204a0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000100120300 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000100120360 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000001001202a0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000001001202c0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000100120380 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000100120340 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000100120440 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000100120260 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000100120270 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000100120400 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000001001201f0 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000100120210 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000100120200 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000100120420 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000100120430 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000100120220 .text D:\Windows\system32\csrss.exe[448] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000100120280 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\wininit.exe[524] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000100120460 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000100120450 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000100120370 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000100120470 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000001001203e0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000100120320 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000001001203b0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000100120390 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000001001202e0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000001001202d0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000100120310 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000001001203c0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000001001203f0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000100120230 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000100120480 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000001001203a0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000001001202f0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000100120350 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000100120290 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000001001202b0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000001001203d0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000100120330 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000100120410 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000100120240 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000001001201e0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000100120250 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000100120490 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000001001204a0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000100120300 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000100120360 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000001001202a0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000001001202c0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000100120380 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000100120340 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000100120440 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000100120260 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000100120270 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000100120400 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000001001201f0 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000100120210 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000100120200 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000100120420 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000100120430 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000100120220 .text D:\Windows\system32\csrss.exe[540] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000100120280 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\services.exe[572] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\lsass.exe[596] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\lsm.exe[604] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\winlogon.exe[632] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000100070460 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000100070450 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000100070370 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000100070470 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000001000703e0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000100070320 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000001000703b0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000100070390 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000001000702e0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000001000702d0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000100070310 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000001000703c0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000001000703f0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000100070230 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000100070480 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000001000703a0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000001000702f0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000100070350 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000100070290 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000001000702b0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000001000703d0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000100070330 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000100070410 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000100070240 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000001000701e0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000100070250 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000100070490 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000001000704a0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000100070300 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000100070360 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000001000702a0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000001000702c0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000100070380 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000100070340 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000100070440 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000100070260 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000100070270 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000100070400 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000001000701f0 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000100070210 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000100070200 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000100070420 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000100070430 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000100070220 .text D:\Windows\system32\svchost.exe[736] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000100070280 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\svchost.exe[828] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\System32\svchost.exe[928] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\System32\svchost.exe[964] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000100070460 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000100070450 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000100070370 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000100070470 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000001000703e0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000100070320 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000001000703b0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000100070390 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000001000702e0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000001000702d0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000100070310 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000001000703c0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000001000703f0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000100070230 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000100070480 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000001000703a0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000001000702f0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000100070350 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000100070290 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000001000702b0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000001000703d0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000100070330 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000100070410 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000100070240 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000001000701e0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000100070250 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000100070490 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000001000704a0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000100070300 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000100070360 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000001000702a0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000001000702c0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000100070380 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000100070340 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000100070440 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000100070260 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000100070270 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000100070400 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000001000701f0 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000100070210 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000100070200 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000100070420 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000100070430 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000100070220 .text D:\Windows\system32\svchost.exe[996] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000100070280 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\svchost.exe[752] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\svchost.exe[1140] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\WLANExt.exe[1304] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\Dwm.exe[1376] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\Explorer.EXE[1400] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\svchost.exe[1492] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\FBAgent.exe[1528] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1804] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1812] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1856] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\AsScrPro.exe[1880] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ab1465 2 bytes [AB, 75] .text D:\Windows\AsScrPro.exe[1880] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ab14bb 2 bytes [AB, 75] .text ... * 2 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\System32\spoolsv.exe[1888] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\System32\igfxtray.exe[1900] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\System32\hkcmd.exe[1956] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\taskhost.exe[1976] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\System32\igfxpers.exe[1988] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2212] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2456] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ab1465 2 bytes [AB, 75] .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2456] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ab14bb 2 bytes [AB, 75] .text ... * 2 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\taskeng.exe[2576] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\svchost.exe[2652] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2800] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ab1465 2 bytes [AB, 75] .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2800] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ab14bb 2 bytes [AB, 75] .text ... * 2 ? D:\Windows\system32\mssprxy.dll [2800] entry point in ".rdata" section 0000000071ab71e6 .text D:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe[2964] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ab1465 2 bytes [AB, 75] .text D:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe[2964] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ab14bb 2 bytes [AB, 75] .text ... * 2 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\conhost.exe[3016] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\SearchIndexer.exe[3224] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\wbem\wmiprvse.exe[768] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3148] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Program Files\AVAST Software\Avast\AvastUI.exe[2220] D:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007586d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\svchost.exe[3784] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\wbem\unsecapp.exe[2348] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\wbem\wmiprvse.exe[1104] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\System32\svchost.exe[1252] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\WUDFHost.exe[4764] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076eef760 5 bytes JMP 0000000077050460 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076eef7b0 5 bytes JMP 0000000077050450 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076eef910 5 bytes JMP 0000000077050370 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076eef960 5 bytes JMP 0000000077050470 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076eef970 5 bytes JMP 00000000770503e0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076eefa20 5 bytes JMP 0000000077050320 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076eefa50 5 bytes JMP 00000000770503b0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076eefa70 5 bytes JMP 0000000077050390 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076eefab0 5 bytes JMP 00000000770502e0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076eefb30 5 bytes JMP 00000000770502d0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076eefb50 5 bytes JMP 0000000077050310 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076eefb90 5 bytes JMP 00000000770503c0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076eefbe0 5 bytes JMP 00000000770503f0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076eefd40 5 bytes JMP 0000000077050230 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076eeff00 5 bytes JMP 0000000077050480 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076eeff30 5 bytes JMP 00000000770503a0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ef0010 5 bytes JMP 00000000770502f0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ef0020 5 bytes JMP 0000000077050350 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ef0080 5 bytes JMP 0000000077050290 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ef0110 5 bytes JMP 00000000770502b0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ef0130 5 bytes JMP 00000000770503d0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ef0140 5 bytes JMP 0000000077050330 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ef01b0 5 bytes JMP 0000000077050410 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ef01e0 5 bytes JMP 0000000077050240 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ef04a0 5 bytes JMP 00000000770501e0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ef0560 5 bytes JMP 0000000077050250 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ef0590 5 bytes JMP 0000000077050490 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ef05a0 5 bytes JMP 00000000770504a0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ef05d0 5 bytes JMP 0000000077050300 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ef05e0 5 bytes JMP 0000000077050360 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ef0640 5 bytes JMP 00000000770502a0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ef0690 5 bytes JMP 00000000770502c0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ef06c0 5 bytes JMP 0000000077050380 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ef06d0 5 bytes JMP 0000000077050340 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ef09c0 5 bytes JMP 0000000077050440 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ef0bc0 5 bytes JMP 0000000077050260 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ef0bd0 5 bytes JMP 0000000077050270 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ef0be0 5 bytes JMP 0000000077050400 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ef0da0 5 bytes JMP 00000000770501f0 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ef0db0 5 bytes JMP 0000000077050210 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ef0e20 5 bytes JMP 0000000077050200 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ef0e80 5 bytes JMP 0000000077050420 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ef0e90 5 bytes JMP 0000000077050430 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ef0ea0 5 bytes JMP 0000000077050220 .text D:\Windows\system32\AUDIODG.EXE[5260] D:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ef0f80 5 bytes JMP 0000000077050280 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind ????mi???????????????????????4?????eE-??????8?????????,Po??czenie lokalne* 73???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????0Karta Microsoft 6to4 #66?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route ?????????????????????e???????e??????r?????X??????????????????????6?????s16???????.??????????{4d36e972-e325-11ce-bfc1-08002be10318}???????????????????B??? l??????u??????D3??????????Microsoft???????????????????{4d36e972-e325-11ce-bfc1-08002be10318}??????6-21-2006????????????????????????e??Karta Microsoft 6to4 #186???@nettun.inf,%msft%;Microsoft?4??? l??????????????????????????e??Sterownik karty Microsoft 6to4??????? ??????????????????????????????"??? ???????????nettun.inf??????????????? ?????????????????????,??????????????????????????????0??????|??????? ?????????????????????*??"?????l????????e????N??????e?????e?e??{4d36e972-e325-11ce-bfc1-08002be10318}?e?e??? ???????e?????e?e??? ????????????????????????????$?N???????????{4d36e972-e325-11ce-bfc1-08002be10318}\0142??e????????????????????????N?????????????????{962711C8-43A1-4AD4-A08D-F41B587ED31A}???????????????????e???????????d???????s??? ??????????????????????????????????????te??????????????????? ?????????????????????0????????????&???????????????????????? ????? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export ????????????11??????*6to4mp??????????????|?|?|?|?|?|?|??????????????? ??????????????????11?045??? ???(????????????????????`?????????????????????11????????X??????????t???????????????e???????m??????????11??????????????????????????????????????????gencdrom??????????????????????:??????p?gin????P?????????????l???.NT?nf??????Microsoft Virtual WiFi Miniport Service?????11??????? ???/?V????*6to4mp??????????????????????8??????????Microsoft???????????????????tunnel?BD5???????+??????? ???8!~}????????????????????F???h???????????e???e??volume_install???????????????????????????f?????s?f??????????????????@nettun.inf,%msft%;Microsoft? ????*??????f????d???????N????????????D?????????j??????volume.inf??????USB?????????????????????wpdfs.inf???????????????????????6-21-2006???????????-100?????????@??????????Karta Microsoft 6to4 #81?????????????|????????????????L????????????n??????????????????????????\usb???????????????h??????????????????????????WUDFCoInstaller.dll??o???????????????????????????e???????4??.NT???????????????X???????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ?????5????N??????c???????????????????????????s??? ^?????????????????????????????????????? ?????????????????????0????????????????????? ???????????????????l?0????????*???????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0043?.i????.??????????e??@nettun.inf,%msft%;Microsoft? ??????????Net??????????????????????????????????????????~????????????????????????X?????????????????t???????????????6to4mp.ndi????????????????????:???????????????N??????t????D)????text?????????????s??????????{4d36e972-e325-11ce-bfc1-08002be10318}?us.??Karta Microsoft 6to4 #32?2??tunnel?t????? `?????????????????????????Volume???????????????????????????e????X??????????t??{4d36e972-e325-11ce-bfc1-08002be10318}????????2??????D??????84???????n??????s???WPD?????????????????????????????????????? ???????????????????k?0?????????????????????????????????O?????eE???? ?????????????????????0????????????????????? ???????????????????l?0????????????????????????????????????*6to4mp??|??6-21-2006???? ???????????????????s?0??????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ?????????????|????????????H??|???s???????????)???????h??????s????|??????????Net?????system32\DRIVERS\wfplwf.sys??????????????????????????????????????????????d??????????????????????6-21-2006???? ???????n?????|????????????????d????????????????f???????e???|????`?????????????????????????????????????11????????????????????????X?????????????WPD?????*6to4mp????????????????|?????|????.????????????e??????????????????????????????????????????????????????????D??|???????y???????f????????????????????X??????|???t???????4??????????? ???????|???????? ??|??????????D??????????e????%SystemRoot%\system32\usbperf.dll?????.??|??????????OpenUsbPerformanceData????????0??|??????????CloseUsbPerformanceData???????4??|???????t??CollectUsbPerformanceData???Base?$???|?????????????????e?????????|?????????e????usbperf.ini?????????????????t???? ??????????????r????????????????????????????????????????|??? ????????????????????????????????p??????|?|?|?|?|?|?|?|?|?|????? ???????n???????????|??????????f????????i????????????????????????R??|????????h Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????m.??Karta Microsoft 6to4 #10?e????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????Interface Un-quarantine filter?????????????????????????????????????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P???????????????????? ???&??????????????????????????? ???&???????????????????????????????&??????????????????????????? ???&??????????????????????????????\\?\Root#*6TO4MP#0135#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{7E0B1BC9-309D-4993-B106-F5B66DA04CDB}?-F??\\?\Root#*6TO4MP#0136#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{1D3374B0-9E3D-4CE8-95A3-2DA14926D7E9}?A7????$??????0???????0??Root\*6TO4MP\0137????????????1??????11????$?????????????? ??Root\*6TO4MP\0138???????????????????????? ??????????????s???????????????????????????????????????\\?\Root#*6TO4MP#0139#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{D99641A7-B876-482E-A7 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ?????????????????g???????l??????64??{4d36e972-e325-11ce-bfc1-08002be10318}???????????????????????????????????????????????????u???????????a???????????????_??????????d???Karta Microsoft 6to4 #24?j???????????????e???????????????e??????????????TA???????????????????.???????? ??k???????e??Microsoft???? ???????|???????????k?:????????????&???????????????????????? ?????????????????????0????????????????????? ???????????????????m?0????????????????????? ???????F?????39-???f????.?????????D0????????????????????????$?????????????????????????????????Di????N????????????D????? ???????t???????'???????????????????4?????????????????s????? ???????n?????????????,??"?????????]???????????????????????????????????????????????????STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HUAWEI&PROD_SD_STORAGE&REV_2.31#8&1CF44065&0#???????????????????pi??Zapisuje pliki instalacyjne u?ywane przy aktualizacjach i naprawach. Jest niezb?dny do pobierania aktualizacji Instalatora i zg?aszania raport?w programu Watson o b??dach.?p6??? ????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ????????11??????????tunnel???3??????????????????r?????8??|????????X?????????????????????????t???????????int?????????????????????????????????????.NT?????tunnel??????LocalSystem?????????????????????????????????????t??????????????g????? ? ?#??????????????????????????????????????????????? ???????n?????|?? ??|????(?????H??????s??????H??|?????????e????@%SystemRoot%\system32\vds.exe,-100????????????????????`??????????????? ??g?????????????????|???|??? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind ????????????????ndis5_ip6_tunnel????? ???????Z?????????????0????????????&????????????????????e??????y????w???????????????????????8??????? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ???????\?????6_{??6to4mp.ndi?-42??? ??????????????????6-21-2006???? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????D??ic??6to4mp.ndi?677???????????B??????C4??? ?????????????????????0????????????????????????????????????????? ?????????????????????0????????????????????????????????}???? ?????????????????????*??"?????l?l???????????N???????????D?\\??{4d36e972-e325-11ce-bfc1-08002be10318}?dcb??? ???????8?????D0D??? ????????????????????????????$?N?z?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0122???????????????????????????N?????????????????{35D33815-8CEF-4E7C-8118-72BEBE5D2F31}???????????????d???????s??? ???????e??????eC????N??????F????D1-8????|?????????????gendisk??????????????7??44??????????{36fc9e60-c465-11cf-8056-444553540000}?A5C????????? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route ????????????0???Karta Microsoft 6to4 #128?????N???????????D?ZT??tunnel???0???????????????e??*6to4mp?????? l?????????????&???{4d36e972-e325-11ce-bfc1-08002be10318}?cac???????????????e??5-??I:\?????????M???????????????te???????????????????????????????????????e????????????4??????1??????7???? ???????0?????e10????X??????e????????????????????????????????????????????N??????1?????D11????:??????5?g21??text????????????????Karta Microsoft 6to4 #154???????????????????1E????t??????????????????????A?????sE1??Volume???:??????????????{B??Typ???????????????????????4??????#??????48????X?????????????????????????????Net?????????3C???????&??????14????????????N?????????????????{4d36e972-e325-11ce-bfc1-08002be10318}??????? ??????????????????{4d36e972-e325-11ce-bfc1-08002be10318}??????Net?s????????????????I??*6to4mp??????????d????????????????????????N?????????????????tunnel??????Net??????????????????????????h???????????????????????????????b??t???????17??*6to4mp?1C??????????????el????????????????????????????????R???????????????????? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export ????Ne??Net?????? ??????????????????????????????`????????e??????????????? P??????8?????8BC??{C739FE2A-9CDC-4D2D-9B16-9570E801EDF2}??pi????????*??????E????d6-A??????????????D9??????? ??????????????????????????????`????????e??????????????? P?????????????????{64C46F2A-4C05-4F3C-9BDF-432806B3DE3C}????????????*???????????d?????TCPIP6TUNNEL?Tcpip6???????????????`?????????????\Device\{64C46F2A-4C05-4F3C-9BDF-432806B3DE3C}??????????????????????????????????????????????????? ?????????????????????,?????????????????f????????????????????????N????????????D????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????? ???????0?????????????,????????$?p????????????Urz?dzenie pami?ci masowej USB?944??@usbstor.inf,%genericbulkonly.devicedesc%;Urz?dzenie pami?ci masowej USB?9??? ?????????????????????-????????????&????????????????????B????????????????5FB8??? ?????????????????????-??????????????????????????????????????0??????7??A5??????\D???????????e??????????d(??????????? ???????????????????????????? ?2???????????{745a17a0-74d3-11d0-b6fe-00a0c90f57da}\0000?? ??? ???????? ????????????0????????????&????????????????????_??? ?????????????????????0????????????????????????#????? ??????o??????? ???????????????????????????????????????????????????I?????sIn??? ???????????????? ????,??"???&??????????????-??? ???????/? Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export ????ta???????????????e??? ???????U?????????????,????????$?x????????r?????>??r??????????????%SystemRoot%\System32\umpo.dll???????r??????????????????????? ???????q???????????r???????? ?F?????????????????F??r??????????????%SystemRoot%\System32\netevent.dll???????????????????????????r?r????? ???????q???????????r???????? ?N???????t?????D??r??????????????%SystemRoot%\System32\ntprint.dll????????????????????????r?r?r???r?r?????r????????????????N??r??????????????{747EF6FD-E535-4d16-B510-42C90F6873A1}??????? ???????q???????????r??????????N?????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????s??System32\Drivers\cng.sys?????j?j?s???s???????{???????{???????????? ????????????ems??????????????????????????????????????????????t????????????&???o???????????????????????m??????????????????11?????????????o???o???o?????&???????????????????????????????&???????3???????????????????F???&???????-???????????????????C??Net????????????????????{4d36e972-e Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ????????text????? ??????????????????????????Karta Microsoft 6to4 #460???*6to4mp?38??? ???????o?????ERE???????????????????????????????????6?????????????????????eFU??????????Typ?????????????int??????????????*??}?????????????????????????????????????????????????????????@??????????????????????_???????????s?s?????????j??Karta Microsoft 6to4 #439???????????????????????????????????????11??????11?t???????????????????????????????????????????e????? ???????:?????????????:????????????&???????????????????????? ?????????????????????????????????e????tunnel??????*6to4mp??????????????????????????B??tunnel????????????????Z????????????n?????????????????????????????????r??????????????????????????????12??????????????????????????????????????????tunnel???????????????_??????????6-21-2006????????????????????????????????????e??????????????????\SystemRoot\system32\drivers\ksthunk.sys????????????????*6to4mp?????nettun.inf???t??????????????tunnel?j?????????????????????T?????s4?????:??????2?g22??????????text?????????????_????????????????? Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???i????????????????????????????Security Processor Loader Driver??????????????????????????4??i????????h???????????????????????B??i?????????e????System32\DRIVERS\srv.sys??????N??i?????????n????@%systemroot%\system32\srvsvc.dll,-103???????????h??????p????????h??????????@%systemroot%\system32\srvsvc.dll,-104??????AUTO??????2??i????????h?????????????????????@%systemroot%\system32\srvsvc.dll,-102??????System32\DRIVERS\srv2.sys????????y???u???y?y????????????????t?????????????8??u????????h?????PNP_TDI??????????i???????4??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|Name=@sstpsvc.dll,-35002|Desc=@sstpsvc.dll,-35003|EmbedCtxt=@sstpsvc.dll,-35001|?????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|?????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@snmptrap. Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???i?r???????j???????o???????:???j?j?s?s?s?n?o????????????????????????`?????????????tunnel??????????????System32\drivers\hwpolicy.sys???Net?88??System32\drivers\tcpip.sys?????????r????*6to4mp??????????r??????e????r??Typ?un???????r????P??r?????????e???????r?????r???r??????????????? ???????n?????r?????r????????$???w????x????@%systemroot%\system32\fxsresm.dll,-118???????????????????????????B??r????????h?????%systemroot%\system32\fxssvc.exe????????????????t?????????????????????P??r?????????n????@%systemroot%\system32\fxsresm.dll,-122??????????r???+????????@??r???????????e??TapiSrv?RpcSs?PlugPlay?Spooler??????? 8??r??????????????NT AUTHORITY\NetworkService???????,??r???+???????+???????????????????????????r??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????r?r?r?r?r?r?r?r?r?r?r??????????????????????????? ???????r???????????r?????????????????????????????????p?????????????(??????P??????????????????? ?? Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ?????w?????g???g????{00000000-0000-0000-ffff-ffffffffffff}?dow????X??????????????????Z??????s????? ??e???????????????????d??t1??fastfat?????NDIS?~?????g???????g???????????????????shc???????@??????s?????X?????? ??????? ???g?????????net???????t???????????I??tn???????d???e??sa??????????????????\????????????????????????????e???g?g?????g??? ???????g?????g???????3????????????????????? ???????g???????????g?3?????????????????????????????a??Pr???????g???????8???g?g???????g????? ???????g?????g???????3???????????????????????g???g???g?? dev??? ???????g???????????g?3?????????????????????????g???????????????????g?gCI?????g????? ???????g ????g???????3????????????&??????????????????????????g?????g??? ???????g?????g???????3????????????????????? ???????g???????????g?3????????????????????????????? ???????????g???????8???????????g?g???????g????? ???????g?????g???????3?????????????????????g?g?????g??? ???????g???????????g?3?????????????????????????????????????????g???????8??6.1.7600.16385?.in?????g????? ???????g?????g???????3??? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???r????????????????????????Net??????????r???????????u???????????{?{????TCP/IP Registry Compatibility?????????????????????????8??r????????h???????????????R??????????????d????:??r????????h?????system32\DRIVERS\hidusb.sys?\hidusb.sys??????????????r?????>??r??????????????%SystemRoot%\System32\umpo.dll???????r??????????????????????? ???????q???????????r???????? ?F?????????????????F??r??????????????%SystemRoot%\System32\netevent.dll???????????????????????????r?r????? ???????q???????????r???????? ?N???????t?????D??r??????????????%SystemRoot%\System32\ntprint.dll????????????????????????r?r?r???r?r?????r????????????????N??r??????????????{747EF6FD-E535-4d16-B510-42C90F6873A1}??????? ???????q???????????r??????????N?????????????????? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route ???r????*6to4mp??????????r??????e????r??Typ?un???????r????P??r?????????e???????r?????r???r??????????????? ???????n?????r?????r????????$???w????x????@%systemroot%\system32\fxsresm.dll,-118???????????????????????????B??r????????h?????%systemroot%\system32\fxssvc.exe????????????????t?????????????????????P??r?????????n????@%systemroot%\system32\fxsresm.dll,-122??????????r???+????????@??r???????????e??TapiSrv?RpcSs?PlugPlay?Spooler??????? 8??r??????????????NT AUTHORITY\NetworkService???????,??r???+???????+???????????????????????????r??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????r?r?r?r?r?r?r?r?r?r?r??????????????????????????? ???????r???????????r?????????????????????????????????p?????????????(??????P??????????????????? ???????????????????????????? ???????n???????????h??????????N?x????c????@%systemroot%\system32\drivers\hwpolicy.sys,-101??????????????N??????|?????|?|??tunnel?F5-???????????????|? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ?????t??Net????????t????????????????????????????????t?????(??t??????p??????????????????????????????t?????t??system32\DRIVERS\nwifi.sys???????????t??Net???????:??t????????h?????system32\drivers\MSKSSRV.sys?????????s??????t???? ???????t?????t?????t?????????????? ??????????????? ????????e??? ???????t???????????t????????????????????????????????????5?????? ???????n?????t?????j??????????X?????????????:??s????????h??????????????:?????t??????6??s?????????e?????????????????????????????????????????6?g?6???????t?????t?????t?????????????????????????????????g????????????????????????????????t???????????????p????t??????????????TDI?????????????? ???????t?????t?????t?????????????? ????????????????????????e??? ???????t???????????t????????????????????????????????????5?????? ???????n?????t????????????????\??????????????????????????????????????????g??????