GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-03 19:56:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB Running: st1p8hs6.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\uxldqpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\services.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\igfxpers.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075371401 2 bytes JMP 7555b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075371419 2 bytes JMP 7555b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075371431 2 bytes JMP 755d8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007537144a 2 bytes CALL 7553489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753714dd 2 bytes JMP 755d8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753714f5 2 bytes JMP 755d89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007537150d 2 bytes JMP 755d8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075371525 2 bytes JMP 755d8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007537153d 2 bytes JMP 7554fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075371555 2 bytes JMP 755568ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007537156d 2 bytes JMP 755d8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075371585 2 bytes JMP 755d8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007537159d 2 bytes JMP 755d86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753715b5 2 bytes JMP 7554fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753715cd 2 bytes JMP 7555b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753716b2 2 bytes JMP 755d8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753716bd 2 bytes JMP 755d8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3804] C:\Windows\syswow64\KERNEL32.dll!SetFileCompletionNotificationModes 00000000755ab35e 5 bytes JMP 0000000110007740 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3868] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 00000000777c000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3868] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007784fbaa 5 bytes JMP 0000000177809cfb .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3868] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000755ab35e 5 bytes JMP 0000000110007740 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe[3876] C:\Windows\syswow64\KERNEL32.dll!SetFileCompletionNotificationModes 00000000755ab35e 5 bytes JMP 0000000110007740 .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[3908] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000755ab35e 5 bytes JMP 0000000100827740 .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe[4004] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000755ab35e 5 bytes JMP 0000000100c47740 .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe[3556] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000755ab35e 5 bytes JMP 0000000100257740 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2888] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075538781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2888] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000755ab35e 5 bytes JMP 0000000110007740 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\SearchIndexer.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[6760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[6788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\svchost.exe[7416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\svchost.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007761dc60 5 bytes JMP 0000000077780460 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007761dcb0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007761de10 5 bytes JMP 0000000077780370 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007761de60 5 bytes JMP 0000000077780470 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007761de70 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007761df20 5 bytes JMP 0000000077780320 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761df50 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007761df70 5 bytes JMP 0000000077780390 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007761dfb0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007761e030 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007761e050 5 bytes JMP 0000000077780310 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007761e090 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007761e0e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007761e240 5 bytes JMP 0000000077780230 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007761e400 5 bytes JMP 0000000077780480 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007761e430 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007761e510 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007761e520 5 bytes JMP 0000000077780350 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007761e580 5 bytes JMP 0000000077780290 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007761e610 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007761e630 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007761e640 5 bytes JMP 0000000077780330 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007761e6b0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007761e6e0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007761e9a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007761ea60 5 bytes JMP 0000000077780250 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007761ea90 5 bytes JMP 0000000077780490 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007761eaa0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007761ead0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007761eae0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007761eb40 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007761eb90 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007761ebc0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007761ebd0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007761eec0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007761f0c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007761f0d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007761f0e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007761f2a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007761f2b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007761f320 5 bytes JMP 0000000077780200 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007761f380 5 bytes JMP 0000000077780420 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007761f390 5 bytes JMP 0000000077780430 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007761f3a0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\AUDIODG.EXE[8140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007761f480 5 bytes JMP 0000000077780280 .text C:\Users\Tomek\Desktop\Logi\st1p8hs6.exe[4364] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000755ab35e 5 bytes JMP 0000000110007740 ---- EOF - GMER 2.1 ----