GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-19 20:43:01 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000070 KINGSTON rev.583A 111,79GB Running: g2q121sc.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\fgwdqfob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 0000000149ef0460 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 0000000149ef0450 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 0000000149ef0370 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 0000000149ef0470 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 0000000149ef03e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 0000000149ef0320 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 0000000149ef03b0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 0000000149ef0390 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 0000000149ef02e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 0000000149ef02d0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 0000000149ef0310 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 0000000149ef03c0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 
0000000076f617e0 5 bytes JMP 0000000149ef03f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 0000000149ef0230 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 0000000149ef0480 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 0000000149ef03a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 0000000149ef02f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 0000000149ef0350 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 0000000149ef0290 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 0000000149ef02b0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 0000000149ef03d0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 0000000149ef0330 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 0000000149ef0410 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 0000000149ef0240 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 0000000149ef01e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 0000000149ef0250 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 0000000149ef0490 .text C:\Windows\system32\csrss.exe[512] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 0000000149ef04a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 0000000149ef0300 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 0000000149ef0360 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 0000000149ef02a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 0000000149ef02c0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 0000000149ef0380 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 0000000149ef0340 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 0000000149ef0440 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 0000000149ef0260 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 0000000149ef0270 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 0000000149ef0400 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 0000000149ef01f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 0000000149ef0210 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 0000000149ef0200 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 0000000149ef0420 .text 
C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 0000000149ef0430 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 0000000149ef0220 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 0000000149ef0280 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 
5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\wininit.exe[608] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 
00000000770c0200 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 0000000149ef0460 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 0000000149ef0450 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 0000000149ef0370 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 0000000149ef0470 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 0000000149ef03e0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 0000000149ef0320 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 0000000149ef03b0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 0000000149ef0390 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 0000000149ef02e0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 0000000149ef02d0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
0000000076f61750 5 bytes JMP 0000000149ef0310 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 0000000149ef03c0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 0000000149ef03f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 0000000149ef0230 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 0000000149ef0480 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 0000000149ef03a0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 0000000149ef02f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 0000000149ef0350 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 0000000149ef0290 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 0000000149ef02b0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 0000000149ef03d0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 0000000149ef0330 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 0000000149ef0410 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 0000000149ef0240 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 0000000149ef01e0 .text C:\Windows\system32\csrss.exe[616] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 0000000149ef0250 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 0000000149ef0490 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 0000000149ef04a0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 0000000149ef0300 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 0000000149ef0360 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 0000000149ef02a0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 0000000149ef02c0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 0000000149ef0380 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 0000000149ef0340 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 0000000149ef0440 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 0000000149ef0260 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 0000000149ef0270 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 0000000149ef0400 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 0000000149ef01f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 0000000149ef0210 .text 
C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 0000000149ef0200 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 0000000149ef0420 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 0000000149ef0430 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 0000000149ef0220 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 0000000149ef0280 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text 
C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\services.exe[664] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text 
C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\winlogon.exe[700] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 
00000000770c0320 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 
0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\lsass.exe[712] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text 
C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text 
C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text 
C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes 
JMP 00000000770c03e0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\svchost.exe[828] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 
.text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\svchost.exe[928] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes 
JMP 00000000770c0350 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\svchost.exe[928] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 
00000000770c0450 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\System32\svchost.exe[164] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 
00000000770c02a0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\System32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\System32\svchost.exe[528] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 
00000000770c0480 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\System32\svchost.exe[528] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 
00000000770c0220 .text C:\Windows\System32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\svchost.exe[656] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 
5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\svchost.exe[656] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\svchost.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 
.text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\svchost.exe[944] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 
00000000770c0200 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\AUDIODG.EXE[1100] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 
5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text 
C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\atieclxx.exe[1248] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 
0000000076f61db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 0000000100060270 .text 
C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 0000000100060280 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\svchost.exe[1416] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 
bytes JMP 00000000770c03d0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\svchost.exe[1416] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b11465 2 bytes [B1, 76] .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b114bb 2 bytes [B1, 76] .text ... 
* 2 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1680] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
0000000076f621d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 0000000100070430 .text 
C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\svchost.exe[1712] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text 
C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\svchost.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\svchost.exe[2384] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 
5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text 
C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\svchost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Program Files (x86)\XTab\ProtectService.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b11465 2 bytes [B1, 76] .text C:\Program Files (x86)\XTab\ProtectService.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b114bb 2 bytes [B1, 76] .text ... 
* 2 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes 
JMP 00000000770c03f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Program Files\Intel\iCLS 
Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072fe1a22 2 bytes [FE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072fe1ad0 2 bytes [FE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072fe1b08 2 bytes [FE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072fe1bba 2 bytes [FE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072fe1bda 2 bytes [FE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b11465 2 bytes [B1, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b114bb 2 bytes [B1, 76] .text ... 
* 2 .text C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe[2812] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076b11465 2 bytes [B1, 76] .text C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe[2812] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076b114bb 2 bytes [B1, 76] .text ... * 2 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text 
C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 
00000000770c01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\wbem\wmiprvse.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 
.text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\taskhost.exe[3568] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text 
C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\taskeng.exe[3604] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 
00000000770c0440 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\Dwm.exe[3648] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text 
C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text 
C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\Dwm.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 
.text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\Explorer.EXE[3732] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 
5 bytes JMP 00000000770c0440 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\Explorer.EXE[3732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Program 
Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 
00000000770c0360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 
bytes JMP 00000000770c0430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 0000000100070460 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 0000000100070450 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 0000000100070370 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 0000000100070470 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000001000703e0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 0000000100070320 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000001000703b0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 0000000100070390 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 
00000001000702d0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 0000000100070310 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000001000703c0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 0000000100070230 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 0000000100070480 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 0000000100070350 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 0000000100070290 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 
0000000076f61d40 5 bytes JMP 0000000100070330 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 0000000100070410 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 0000000100070240 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 0000000100070250 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 0000000100070490 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 0000000100070300 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 0000000100070360 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000001000702a0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000001000702c0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 0000000100070380 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 0000000100070340 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 0000000100070440 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 0000000100070260 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 0000000100070270 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 0000000100070400 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 0000000100070210 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 0000000100070200 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 0000000100070420 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 0000000100070430 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 0000000100070280 .text C:\Program Files\AVAST 
Software\Avast\avastui.exe[3308] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076248791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b11465 2 bytes [B1, 76] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b114bb 2 bytes [B1, 76] .text ... * 2 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 
0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Program Files (x86)\XTab\HPNotify.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b11465 2 bytes [B1, 76] .text C:\Program Files (x86)\XTab\HPNotify.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b114bb 2 bytes [B1, 76] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Windows\system32\SearchIndexer.exe[5028] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text 
C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Windows\system32\SearchIndexer.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter.exe[4484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b11465 2 bytes [B1, 76] .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter.exe[4484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b114bb 2 bytes [B1, 76] .text ... 
* 2 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Program Files 
(x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Program Files (x86)\Dynamo 
Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 00000000770c0490 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Program Files (x86)\Dynamo 
Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes JMP 00000000770c0200 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430 .text C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220 .text C:\Program Files (x86)\Dynamo 
Combo\bin\DynamoCombo.BrowserAdapter64.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f61360 5 bytes JMP 00000000770c0460 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f613b0 5 bytes JMP 00000000770c0450 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f61510 5 bytes JMP 00000000770c0370 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f61560 5 bytes JMP 00000000770c0470 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f61570 5 bytes JMP 00000000770c03e0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f61620 5 bytes JMP 00000000770c0320 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f61650 5 bytes JMP 00000000770c03b0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f61670 5 bytes JMP 00000000770c0390 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f616b0 5 bytes JMP 00000000770c02e0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f61730 5 bytes JMP 00000000770c02d0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f61750 5 bytes JMP 00000000770c0310 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f61790 5 bytes JMP 00000000770c03c0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f617e0 5 bytes JMP 00000000770c03f0 .text 
C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f61940 5 bytes JMP 00000000770c0230 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f61b00 5 bytes JMP 00000000770c0480 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f61b30 5 bytes JMP 00000000770c03a0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f61c10 5 bytes JMP 00000000770c02f0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f61c20 5 bytes JMP 00000000770c0350 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f61c80 5 bytes JMP 00000000770c0290 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f61d10 5 bytes JMP 00000000770c02b0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f61d30 5 bytes JMP 00000000770c03d0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f61d40 5 bytes JMP 00000000770c0330 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f61db0 5 bytes JMP 00000000770c0410 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f61de0 5 bytes JMP 00000000770c0240 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f620a0 5 bytes JMP 00000000770c01e0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f62160 5 bytes JMP 00000000770c0250 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f62190 5 bytes JMP 
00000000770c0490 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f621a0 5 bytes JMP 00000000770c04a0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f621d0 5 bytes JMP 00000000770c0300 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f621e0 5 bytes JMP 00000000770c0360 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f62240 5 bytes JMP 00000000770c02a0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f62290 5 bytes JMP 00000000770c02c0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f622c0 5 bytes JMP 00000000770c0380 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f622d0 5 bytes JMP 00000000770c0340 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f625c0 5 bytes JMP 00000000770c0440 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f627c0 5 bytes JMP 00000000770c0260 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f627d0 5 bytes JMP 00000000770c0270 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f627e0 5 bytes JMP 00000000770c0400 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f629a0 5 bytes JMP 00000000770c01f0 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f629b0 5 bytes JMP 00000000770c0210 .text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f62a20 5 bytes 
JMP 00000000770c0200
.text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f62a80 5 bytes JMP 00000000770c0420
.text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f62a90 5 bytes JMP 00000000770c0430
.text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f62aa0 5 bytes JMP 00000000770c0220
.text C:\Users\Adrian\Downloads\FRST64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f62b80 5 bytes JMP 00000000770c0280

---- Processes - GMER 2.1 ----

Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1588] (WindowsProtectManger Service/Fuyu LIMITED)(2015-01-10 19:02:57) 0000000000a60000

---- EOF - GMER 2.1 ----