GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-08 15:51:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST320LM000_HM321HI rev.2AJ10002 298,09GB Running: 5gr38g2n.exe; Driver: C:\Users\EWA\AppData\Local\Temp\uxriipow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 000000014a340460 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 000000014a340450 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 000000014a340370 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 000000014a340470 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 000000014a3403e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 000000014a340320 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 000000014a3403b0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 000000014a340390 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 000000014a3402e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 000000014a3402d0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 000000014a340310 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 000000014a3403c0 .text C:\Windows\system32\csrss.exe[500] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 000000014a3403f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 000000014a340230 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 000000014a340480 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 000000014a3403a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 000000014a3402f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 000000014a340350 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 000000014a340290 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 000000014a3402b0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 000000014a3403d0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 000000014a340330 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 000000014a340410 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 000000014a340240 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 000000014a3401e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 000000014a340250 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 000000014a340490 .text 
C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 000000014a3404a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 000000014a340300 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 000000014a340360 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 000000014a3402a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 000000014a3402c0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 000000014a340380 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 000000014a340340 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 000000014a340440 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 000000014a340260 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 000000014a340270 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 000000014a340400 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 000000014a3401f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 000000014a340210 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 000000014a340200 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes 
JMP 000000014a340420 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 000000014a340430 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 000000014a340220 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 000000014a340280 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000100040460 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000100040370 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000100040470 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000100040320 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000100040390 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000100040310 .text C:\Windows\system32\wininit.exe[564] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000100040230 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000100040480 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000100040350 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000100040290 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000100040330 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 
0000000100040250 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000100040490 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\wininit.exe[564] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000100040200 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000100040420 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000100040430 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000100040280 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 000000014a340460 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 000000014a340450 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 000000014a340370 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 000000014a340470 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 000000014a3403e0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 000000014a340320 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 000000014a3403b0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 000000014a340390 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 000000014a3402e0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 000000014a3402d0 .text 
C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 000000014a340310 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 000000014a3403c0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 000000014a3403f0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 000000014a340230 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 000000014a340480 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 000000014a3403a0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 000000014a3402f0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 000000014a340350 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 000000014a340290 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 000000014a3402b0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 000000014a3403d0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 000000014a340330 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 000000014a340410 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 000000014a340240 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes 
JMP 000000014a3401e0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 000000014a340250 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 000000014a340490 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 000000014a3404a0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 000000014a340300 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 000000014a340360 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 000000014a3402a0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 000000014a3402c0 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 000000014a340380 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 000000014a340340 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 000000014a340440 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 000000014a340260 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 000000014a340270 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 000000014a340400 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 000000014a3401f0 .text C:\Windows\system32\csrss.exe[576] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 000000014a340210 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 000000014a340200 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 000000014a340420 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 000000014a340430 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 000000014a340220 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 000000014a340280 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 
0000000077a202e0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\winlogon.exe[620] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 
0000000077a20400 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\services.exe[668] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes 
JMP 0000000077a20330 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\services.exe[668] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 
0000000077a20320 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 
00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\lsass.exe[676] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\lsass.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text 
C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text 
C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text 
C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes 
JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[776] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000100070340 
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\svchost.exe[876] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes 
JMP 0000000077a20350 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\svchost.exe[876] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 
0000000077a20450 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\System32\svchost.exe[964] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 
0000000077a202a0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\System32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\System32\svchost.exe[1004] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes 
JMP 0000000077a20480 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text 
C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\System32\svchost.exe[1004] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\System32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 
.text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\svchost.exe[420] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 
0000000077a20420 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\svchost.exe[480] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 
0000000077a20250 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\svchost.exe[480] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 
00000001000702d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1076] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes 
JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000100070280 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\Dwm.exe[1336] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text 
C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text 
C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\Dwm.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text 
C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\Explorer.EXE[1360] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\Explorer.EXE[1360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\System32\spoolsv.exe[1464] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 
bytes JMP 0000000077a20410 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\System32\spoolsv.exe[1464] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\System32\spoolsv.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text 
C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\svchost.exe[1516] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text 
C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\taskhost.exe[1584] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\taskhost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000762b1401 2 bytes JMP 7658b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 
00000000762b1419 2 bytes JMP 7658b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000762b1431 2 bytes JMP 76608fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000762b144a 2 bytes CALL 7656489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000762b14dd 2 bytes JMP 766088c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000762b14f5 2 bytes JMP 76608aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000762b150d 2 bytes JMP 766087ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000762b1525 2 bytes JMP 76608b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000762b153d 2 bytes JMP 7657fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000762b1555 2 bytes JMP 765868ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] 
C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000762b156d 2 bytes JMP 76609089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000762b1585 2 bytes JMP 76608bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000762b159d 2 bytes JMP 7660877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000762b15b5 2 bytes JMP 7657fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000762b15cd 2 bytes JMP 7658b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000762b16b2 2 bytes JMP 76608f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1752] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000762b16bd 2 bytes JMP 76608713 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 
0000000100070470 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000100070230 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000100070350 .text C:\Windows\system32\taskeng.exe[1248] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000100070290 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000100070330 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000100070250 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000100070490 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 
0000000100070380 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000100070200 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000100070420 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000100070430 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\taskeng.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000100070280 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\System32\igfxtray.exe[1612] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 
00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text 
C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\System32\igfxtray.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Program Files (x86)\Internet Speed 
Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 
00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Program Files 
(x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Program Files (x86)\Internet Speed 
Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Program Files (x86)\Internet Speed Checker\c8294fb5-131e-4f64-94e5-0b011c65b0f4.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\System32\hkcmd.exe[2276] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 
0000000077a20240 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\System32\hkcmd.exe[2276] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\System32\hkcmd.exe[2276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 
5 bytes JMP 0000000077a20390 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text 
C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\System32\igfxpers.exe[2340] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\System32\igfxpers.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762b1401 2 bytes JMP 7658b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762b1419 2 bytes JMP 7658b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762b1431 2 bytes JMP 76608fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762b144a 2 bytes CALL 7656489d 
C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762b14dd 2 bytes JMP 766088c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762b14f5 2 bytes JMP 76608aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762b150d 2 bytes JMP 766087ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762b1525 2 bytes JMP 76608b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762b153d 2 bytes JMP 7657fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762b1555 2 bytes JMP 765868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762b156d 2 bytes JMP 76609089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762b1585 2 bytes JMP 76608bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762b159d 2 bytes JMP 7660877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762b15b5 2 bytes JMP 7657fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762b15cd 2 bytes JMP 7658b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762b16b2 2 bytes JMP 76608f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762b16bd 2 bytes JMP 76608713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text 
C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\System32\svchost.exe[2836] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 
0000000077a20400 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\System32\svchost.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Program Files\Softland\novaPDF 
8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 
00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text 
C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762b1401 2 bytes JMP 7658b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762b1419 2 bytes JMP 7658b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762b1431 2 bytes JMP 76608fd1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762b144a 2 bytes CALL 7656489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762b14dd 2 bytes JMP 766088c4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762b14f5 2 bytes JMP 76608aa0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762b150d 2 bytes JMP 766087ba C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762b1525 2 bytes JMP 76608b8a C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762b153d 2 bytes JMP 7657fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762b1555 2 bytes JMP 765868ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762b156d 2 bytes JMP 76609089 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762b1585 2 bytes JMP 76608bea C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762b159d 2 bytes JMP 7660877e C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762b15b5 2 bytes JMP 7657fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762b15cd 2 bytes JMP 7658b2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762b16b2 2 bytes JMP 76608f4c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c\plugincontainer.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762b16bd 2 bytes JMP 76608713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762b1401 2 bytes JMP 7658b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762b1419 2 bytes JMP 7658b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762b1431 2 bytes JMP 76608fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762b144a 2 bytes CALL 7656489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762b14dd 2 bytes JMP 766088c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762b14f5 2 bytes JMP 76608aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762b150d 2 bytes JMP 766087ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762b1525 2 bytes JMP 76608b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762b153d 2 bytes JMP 7657fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762b1555 2 bytes JMP 765868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762b156d 2 bytes JMP 76609089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762b1585 2 bytes JMP 76608bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762b159d 2 bytes JMP 7660877e 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762b15b5 2 bytes JMP 7657fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762b15cd 2 bytes JMP 7658b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762b16b2 2 bytes JMP 76608f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\1a0254e4-d458-47fa-82a0-6940ee729f6c\updater.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762b16bd 2 bytes JMP 76608713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\system32\SearchIndexer.exe[3920] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text 
C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 
.text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220 .text C:\Windows\system32\SearchIndexer.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2408] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076568781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778bda60 5 bytes JMP 0000000077a20460 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778bdab0 5 bytes JMP 0000000077a20450 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778bdc10 5 bytes JMP 0000000077a20370 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778bdc60 5 bytes JMP 0000000077a20470 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778bdc70 5 bytes JMP 0000000077a203e0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778bdd20 5 bytes JMP 0000000077a20320 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778bdd50 5 bytes JMP 0000000077a203b0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778bdd70 5 bytes JMP 0000000077a20390 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778bddb0 5 bytes JMP 0000000077a202e0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778bde30 5 bytes JMP 0000000077a202d0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778bde50 5 bytes JMP 0000000077a20310 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778bde90 5 bytes JMP 0000000077a203c0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778bdee0 5 bytes JMP 0000000077a203f0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778be040 5 bytes JMP 0000000077a20230 .text C:\Windows\System32\svchost.exe[3160] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778be200 5 bytes JMP 0000000077a20480 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778be230 5 bytes JMP 0000000077a203a0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778be310 5 bytes JMP 0000000077a202f0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778be320 5 bytes JMP 0000000077a20350 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778be380 5 bytes JMP 0000000077a20290 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778be410 5 bytes JMP 0000000077a202b0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778be430 5 bytes JMP 0000000077a203d0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778be440 5 bytes JMP 0000000077a20330 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778be4b0 5 bytes JMP 0000000077a20410 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778be4e0 5 bytes JMP 0000000077a20240 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778be7a0 5 bytes JMP 0000000077a201e0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778be860 5 bytes JMP 0000000077a20250 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778be890 5 bytes JMP 0000000077a20490 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778be8a0 5 bytes JMP 0000000077a204a0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
00000000778be8d0 5 bytes JMP 0000000077a20300 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778be8e0 5 bytes JMP 0000000077a20360 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778be940 5 bytes JMP 0000000077a202a0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778be990 5 bytes JMP 0000000077a202c0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778be9c0 5 bytes JMP 0000000077a20380 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778be9d0 5 bytes JMP 0000000077a20340 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778becc0 5 bytes JMP 0000000077a20440 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778beec0 5 bytes JMP 0000000077a20260 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778beed0 5 bytes JMP 0000000077a20270 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778beee0 5 bytes JMP 0000000077a20400 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778bf0a0 5 bytes JMP 0000000077a201f0 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778bf0b0 5 bytes JMP 0000000077a20210 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778bf120 5 bytes JMP 0000000077a20200 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778bf180 5 bytes JMP 0000000077a20420 .text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778bf190 5 bytes JMP 0000000077a20430 .text 
C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778bf1a0 5 bytes JMP 0000000077a20220
.text C:\Windows\System32\svchost.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778bf280 5 bytes JMP 0000000077a20280

---- Processes - GMER 2.1 ----

Library C:\Users\EWA\AppData\Local\Total Download\Bin\TotalDownload.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [1660](2015-09 000000006e2e0000
Library C:\Users\EWA\AppData\Local\Total Download\Bin\txxp.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [1660](2015-09-11 02:49:26) 0000000000b00000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803058129c2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803058129c2 (not active ControlSet)

---- EOF - GMER 2.1 ----