GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-17 22:13:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB Running: qcuxgmdy.exe; Driver: C:\Users\MANIKO~1\AppData\Local\Temp\uwldypod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 000000014a060460 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 000000014a060450 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 000000014a060370 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 000000014a060470 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 000000014a0603e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 000000014a060320 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 000000014a0603b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 000000014a060390 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 000000014a0602e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 000000014a0602d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 000000014a060310 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 000000014a0603c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 000000014a0603f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 000000014a060230 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 000000014a060480 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 000000014a0603a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 000000014a0602f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 000000014a060350 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 000000014a060290 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 000000014a0602b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 000000014a0603d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 000000014a060330 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 000000014a060410 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 000000014a060240 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 000000014a0601e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 000000014a060250 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 000000014a060490 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 000000014a0604a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 000000014a060300 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 000000014a060360 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 000000014a0602a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 000000014a0602c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 000000014a060380 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 000000014a060340 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 000000014a060440 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 000000014a060260 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 000000014a060270 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 000000014a060400 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 000000014a0601f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 000000014a060210 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 000000014a060200 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 000000014a060420 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 000000014a060430 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 000000014a060220 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 000000014a060280 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 000000014a060460 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 000000014a060450 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 000000014a060370 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 000000014a060470 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 000000014a0603e0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 000000014a060320 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 000000014a0603b0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 000000014a060390 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 000000014a0602e0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 000000014a0602d0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 000000014a060310 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 000000014a0603c0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 000000014a0603f0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 000000014a060230 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 000000014a060480 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 000000014a0603a0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 000000014a0602f0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 000000014a060350 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 000000014a060290 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 000000014a0602b0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 000000014a0603d0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 000000014a060330 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 000000014a060410 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 000000014a060240 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 000000014a0601e0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 000000014a060250 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 000000014a060490 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 000000014a0604a0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 000000014a060300 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 000000014a060360 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 000000014a0602a0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 000000014a0602c0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 000000014a060380 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 000000014a060340 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 000000014a060440 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 000000014a060260 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 000000014a060270 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 000000014a060400 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 000000014a0601f0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 000000014a060210 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 000000014a060200 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 000000014a060420 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 000000014a060430 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 000000014a060220 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 000000014a060280 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\svchost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\System32\svchost.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000100070460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000100070370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000100070470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000100070320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000100070390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000100070310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000100070230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000100070250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000100070490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\taskhost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\taskeng.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[3676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\SearchIndexer.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\taskhost.exe[4272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\System32\svchost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Program Files (x86)\ChomikBox\chomikbox.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\ChomikBox\chomikbox.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4900] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075a78791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe[5056] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe[5056] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\DllHost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\wuauclt.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\notepad.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775e1360 5 bytes JMP 0000000077740460 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775e13b0 5 bytes JMP 0000000077740450 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775e1510 5 bytes JMP 0000000077740370 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775e1560 5 bytes JMP 0000000077740470 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775e1570 5 bytes JMP 00000000777403e0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775e1620 5 bytes JMP 0000000077740320 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775e1650 5 bytes JMP 00000000777403b0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775e1670 5 bytes JMP 0000000077740390 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775e16b0 5 bytes JMP 00000000777402e0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775e1730 5 bytes JMP 00000000777402d0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775e1750 5 bytes JMP 0000000077740310 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775e1790 5 bytes JMP 00000000777403c0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775e17e0 5 bytes JMP 00000000777403f0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775e1940 5 bytes JMP 0000000077740230 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775e1b00 5 bytes JMP 0000000077740480 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775e1b30 5 bytes JMP 00000000777403a0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775e1c10 5 bytes JMP 00000000777402f0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775e1c20 5 bytes JMP 0000000077740350 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775e1c80 5 bytes JMP 0000000077740290 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775e1d10 5 bytes JMP 00000000777402b0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775e1d30 5 bytes JMP 00000000777403d0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775e1d40 5 bytes JMP 0000000077740330 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775e1db0 5 bytes JMP 0000000077740410 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775e1de0 5 bytes JMP 0000000077740240 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775e20a0 5 bytes JMP 00000000777401e0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775e2160 5 bytes JMP 0000000077740250 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775e2190 5 bytes JMP 0000000077740490 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775e21a0 5 bytes JMP 00000000777404a0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775e21d0 5 bytes JMP 0000000077740300 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775e21e0 5 bytes JMP 0000000077740360 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775e2240 5 bytes JMP 00000000777402a0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775e2290 5 bytes JMP 00000000777402c0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775e22c0 5 bytes JMP 0000000077740380 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775e22d0 5 bytes JMP 0000000077740340 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775e25c0 5 bytes JMP 0000000077740440 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775e27c0 5 bytes JMP 0000000077740260 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775e27d0 5 bytes JMP 0000000077740270 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775e27e0 5 bytes JMP 0000000077740400 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775e29a0 5 bytes JMP 00000000777401f0 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775e29b0 5 bytes JMP 0000000077740210 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775e2a20 5 bytes JMP 0000000077740200 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775e2a80 5 bytes JMP 0000000077740420 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775e2a90 5 bytes JMP 0000000077740430 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775e2aa0 5 bytes JMP 0000000077740220 .text C:\Windows\system32\notepad.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775e2b80 5 bytes JMP 0000000077740280 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001051e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001051c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001052614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001052a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800105286c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800667e2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa800667e2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa800667e2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 fffffa800667e2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa800667e2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa800667e2c0 Device \Driver\aoyoohvi \Device\Scsi\aoyoohvi1Port4Path0Target0Lun0 fffffa800801a2c0 Device \Driver\aoyoohvi \Device\Scsi\aoyoohvi1 fffffa800801a2c0 Device \FileSystem\Ntfs \Ntfs fffffa80066822c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80080182c0 Device \Driver\cdrom \Device\CdRom0 fffffa80078242c0 Device \Driver\cdrom \Device\CdRom1 fffffa80078242c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80080182c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D74FCC76-8F64-4828-B568-8F8272AB862D} fffffa8007cbe2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80080182c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007cbe2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa800667e2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80080182c0 Device \Driver\atapi \Device\ScsiPort1 fffffa800667e2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa800667e2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa800667e2c0 Device \Driver\aoyoohvi \Device\ScsiPort4 fffffa800801a2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800667e2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa800667e2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800777b060] fffffa800777b060 Trace 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800721c580] fffffa800721c580 Trace 5 ACPI.sys[fffff880011787a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800721e060] fffffa800721e060 Trace \Driver\atapi[0xfffffa800714d420] -> IRP_MJ_CREATE -> 0xfffffa800667e2c0 fffffa800667e2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\aoyoohvi.SYS fffff88004a00000-fffff88004a4b000 (307200 bytes) ---- Processes - GMER 2.1 ---- Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 000000006d610000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006cf00000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056](2014-10-22 00:22:50) 000000006bae0000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006e840000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 0000000004530000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000 Library c:\users\maniko~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwdr8a1.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056](2015-01-17 20:17:21) 0000000004140000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006fb50000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000064d80000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000006f930000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000006e5e0000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000072540000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056](2014-10-22 00:22:50) 0000000072530000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 00000000706e0000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 00000000706a0000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 00000000703d0000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056](2014-10-22 00:22:48) 000000006f850000 Library C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe [5056](2014-10-22 00:22:46) 000000006f790000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0x05 0xE1 0xE1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0x21 0xBF 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x93 0x5B 0x37 0x4A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xE4 0x76 0x99 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0x05 0xE1 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0x21 0xBF 0x0A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x93 0x5B 0x37 0x4A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xE4 0x76 0x99 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----