GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-23 17:45:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d SAMSUNG_ rev.CP10 298,09GB Running: xexg4rqw.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwlcipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000149d70460 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000149d70450 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000149d70370 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000149d70470 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000149d703e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000149d70320 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000149d703b0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000149d70390 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000149d702e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000149d702d0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000149d70310 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000149d703c0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000149d703f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000149d70230 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000149d70480 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000149d703a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000149d702f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000149d70350 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000149d70290 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000149d702b0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000149d703d0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000149d70330 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000149d70410 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000149d70240 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000149d701e0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000149d70250 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000149d70490 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000149d704a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000149d70300 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000149d70360 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000149d702a0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000149d702c0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000149d70380 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000149d70340 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000149d70440 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000149d70260 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000149d70270 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000149d70400 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000149d701f0 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000149d70210 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000149d70200 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000149d70420 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000149d70430 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000149d70220 .text C:\Windows\system32\csrss.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000149d70280 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000149d70460 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000149d70450 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000149d70370 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000149d70470 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000149d703e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000149d70320 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000149d703b0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000149d70390 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000149d702e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000149d702d0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000149d70310 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000149d703c0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000149d703f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000149d70230 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000149d70480 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000149d703a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000149d702f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000149d70350 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000149d70290 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000149d702b0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000149d703d0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000149d70330 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000149d70410 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000149d70240 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000149d701e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000149d70250 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000149d70490 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000149d704a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000149d70300 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000149d70360 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000149d702a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000149d702c0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000149d70380 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000149d70340 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000149d70440 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000149d70260 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000149d70270 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000149d70400 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000149d701f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000149d70210 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000149d70200 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000149d70420 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000149d70430 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000149d70220 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000149d70280 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\atieclxx.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\taskhost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\Explorer.EXE[1940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000727617fa 2 bytes CALL 76a211a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072761860 2 bytes CALL 76a211a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072761942 2 bytes JMP 76557089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007276194d 2 bytes JMP 7655cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2344] entry point in ".rdata" section 00000000684971e6 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2888] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\svchost.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\SearchIndexer.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\WUDFHost.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077d0000c 1 byte [C3] .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077d8eea2 5 bytes JMP 0000000177d47e39 .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076a287b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 00000001001f0460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 00000001001f0450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 00000001001f0370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 00000001001f0470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001001f03e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 00000001001f0320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001001f03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 00000001001f0390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001001f02e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001001f02d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 00000001001f0310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001001f03c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001001f03f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 00000001001f0230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 00000001001f0480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001001f03a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001001f02f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 00000001001f0350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 00000001001f0290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001001f02b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001001f03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 00000001001f0330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 00000001001f0410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 00000001001f0240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001001f01e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 00000001001f0250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 00000001001f0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001001f04a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 00000001001f0300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 00000001001f0360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001001f02a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001001f02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 00000001001f0380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 00000001001f0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 00000001001f0440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 00000001001f0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 00000001001f0270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 00000001001f0400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001001f01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 00000001001f0210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 00000001001f0200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 00000001001f0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 00000001001f0430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 00000001001f0220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 00000001001f0280 .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077d0000c 1 byte [C3] .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077d8eea2 5 bytes JMP 0000000177d47e39 .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077d0000c 1 byte [C3] .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077d8eea2 5 bytes JMP 0000000177d47e39 .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000100070460 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000100070450 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000100070370 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000100070470 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 00000001000703e0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000100070320 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 00000001000703b0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000100070390 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 00000001000702e0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 00000001000702d0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000100070310 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 00000001000703c0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 00000001000703f0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000100070230 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000100070480 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 00000001000703a0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 00000001000702f0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000100070350 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000100070290 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 00000001000702b0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 00000001000703d0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000100070330 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000100070410 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000100070240 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 00000001000701e0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000100070250 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000100070490 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 00000001000704a0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000100070300 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000100070360 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 00000001000702a0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 00000001000702c0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000100070380 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000100070340 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000100070440 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000100070260 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000100070270 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000100070400 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 00000001000701f0 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000100070210 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000100070200 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000100070420 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000100070430 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000100070220 .text C:\Users\Administrator\Desktop\FRST64.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Raptr\raptr_im.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\wbem\unsecapp.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\wbem\wmiprvse.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 76a4b273 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 76a4b39e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 76ac9079 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 76a248cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 76ac8972 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 76ac8b48 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 76ac8868 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 76ac8c32 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 76a3fd00 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76a46949 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 76ac9131 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 76ac8c92 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 76ac882c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 76a3fd99 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 76a4b334 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 76ac8ff4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 76ac87c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5bf80 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5bfd0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b5c130 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b5c180 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b5c190 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b5c240 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b5c270 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b5c290 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b5c2d0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b5c350 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b5c370 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b5c3b0 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b5c400 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b5c560 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b5c720 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b5c750 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b5c830 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b5c840 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b5c8a0 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b5c930 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b5c950 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b5c960 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b5c9d0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b5ca00 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b5ccc0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b5cd80 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b5cdb0 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b5cdc0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b5cdf0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b5ce00 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b5ce60 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b5ceb0 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b5cee0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b5cef0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b5d1e0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b5d3e0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b5d3f0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b5d400 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b5d5c0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b5d5d0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b5d640 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b5d6a0 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b5d6b0 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b5d6c0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\notepad.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b5d7a0 5 bytes JMP 0000000077cc0280 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2524:5552] 000007fef4c99688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4716:4580] 000007fefbb02bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4716:3864] 000007fef7905124 ---- Processes - GMER 2.1 ---- Process C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe (*** suspicious ***) @ C:\Users\Administrator\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe [3780] (Flvto Youtube Downloader/Hotger)(2015-05-25 10:30:04) 00000000012d0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 192.168.1.254 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpDomain home ---- EOF - GMER 2.1 ----