GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-14 20:50:22 Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST920042 rev.3.AA 186,31GB Running: imogji5h.exe; Driver: C:\Users\Asus\AppData\Local\Temp\kxldrpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000149c50460 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000149c50450 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000149c50370 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000149c50470 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000149c503e0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000149c50320 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000149c503b0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000149c50390 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000149c502e0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000149c50440 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000149c502d0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000149c50310 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000149c503c0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000149c503f0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000149c50230 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000149c50480 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000149c503a0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000149c502f0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000149c50350 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000149c50290 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000149c502b0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000149c503d0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000149c50330 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000149c50410 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000149c50240 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000149c501e0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000149c50250 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000149c50490 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000149c504a0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000149c50300 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000149c50360 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000149c502a0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000149c502c0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000149c50380 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000149c50340 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000149c50260 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000149c50270 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000149c50400 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000149c501f0 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000149c50210 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000149c50200 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000149c50420 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000149c50430 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000149c50220 .text C:\Windows\system32\csrss.exe[640] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000149c50280 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000149c50460 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000149c50450 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000149c50370 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000149c50470 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000149c503e0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000149c50320 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000149c503b0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000149c50390 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000149c502e0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000149c50440 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000149c502d0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000149c50310 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000149c503c0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000149c503f0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000149c50230 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000149c50480 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000149c503a0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000149c502f0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000149c50350 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000149c50290 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000149c502b0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000149c503d0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000149c50330 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000149c50410 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000149c50240 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000149c501e0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000149c50250 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000149c50490 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000149c504a0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000149c50300 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000149c50360 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000149c502a0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000149c502c0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000149c50380 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000149c50340 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000149c50260 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000149c50270 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000149c50400 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000149c501f0 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000149c50210 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000149c50200 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000149c50420 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000149c50430 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000149c50220 .text C:\Windows\system32\csrss.exe[708] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000149c50280 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\lsm.exe[772] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\winlogon.exe[876] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\System32\svchost.exe[664] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\System32\svchost.exe[800] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\svchost.exe[696] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\SLsvc.exe[1108] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000100060460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000100060450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000100060370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000100060470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 00000001000603e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000100060320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 00000001000603b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000100060390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 00000001000602e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000100060440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 00000001000602d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000100060310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 00000001000603c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 00000001000603f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000100060230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000100060480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 00000001000603a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 00000001000602f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000100060350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000100060290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 00000001000602b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 00000001000603d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000100060330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000100060410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000100060240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 00000001000601e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000100060250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000100060490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 00000001000604a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000100060300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000100060360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 00000001000602a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 00000001000602c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000100060380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000100060340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000100060260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000100060270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000100060400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 00000001000601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000100060210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000100060200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000100060420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000100060430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000100060220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000100060280 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000100060460 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000100060450 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000100060370 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000100060470 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000100060320 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000100060390 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000100060310 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000100060230 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000100060480 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000100060350 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000100060290 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000100060330 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000100060410 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000100060250 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000100060490 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000100060300 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000100060360 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000100060380 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000100060340 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000100060260 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000100060270 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000100060400 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000100060200 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000100060420 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000100060430 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\svchost.exe[1892] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000100060280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1980] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Program Files\OO Software\Defrag\oodag.exe[2072] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\SearchIndexer.exe[2420] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\taskeng.exe[3044] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\taskeng.exe[4044] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1724] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\SysWOW64\ACEngSvr.exe[3556] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Program Files\OO Software\Defrag\oodtray.exe[1188] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000100200460 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000100200450 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000100200370 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000100200470 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 00000001002003e0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000100200320 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 00000001002003b0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000100200390 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 00000001002002e0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000100200440 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 00000001002002d0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000100200310 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 00000001002003c0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 00000001002003f0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000100200230 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000100200480 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 00000001002003a0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 00000001002002f0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000100200350 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000100200290 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 00000001002002b0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 00000001002003d0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000100200330 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000100200410 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000100200240 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 00000001002001e0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000100200250 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000100200490 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 00000001002004a0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000100200300 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000100200360 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 00000001002002a0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 00000001002002c0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000100200380 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000100200340 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000100200260 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000100200270 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000100200400 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 00000001002001f0 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000100200210 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000100200200 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000100200420 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000100200430 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000100200220 .text C:\Program Files (x86)\CTS\Tray\CTSTray.exe[3500] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000100200280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2548] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076501ab6 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\conime.exe[4836] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3616] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077c36f20 5 bytes JMP 0000000077d80460 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077c36f70 5 bytes JMP 0000000077d80450 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenProcess 0000000077c370d0 5 bytes JMP 0000000077d80370 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c37120 5 bytes JMP 0000000077d80470 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077c37130 5 bytes JMP 0000000077d803e0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenSection 0000000077c371e0 5 bytes JMP 0000000077d80320 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077c37210 5 bytes JMP 0000000077d803b0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077c37230 5 bytes JMP 0000000077d80390 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077c37270 5 bytes JMP 0000000077d802e0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtQueueApcThread 0000000077c372c0 5 bytes JMP 0000000077d80440 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateEvent 0000000077c372f0 5 bytes JMP 0000000077d802d0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077c37310 5 bytes JMP 0000000077d80310 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077c37350 5 bytes JMP 0000000077d803c0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtTerminateThread 0000000077c373a0 5 bytes JMP 0000000077d803f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077c37510 5 bytes JMP 0000000077d80230 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c376c0 5 bytes JMP 0000000077d80480 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 0000000077c376f0 5 bytes JMP 0000000077d803a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateEventPair 0000000077c377e0 5 bytes JMP 0000000077d802f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 0000000077c377f0 5 bytes JMP 0000000077d80350 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077c37850 5 bytes JMP 0000000077d80290 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 0000000077c378d0 5 bytes JMP 0000000077d802b0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 0000000077c378f0 5 bytes JMP 0000000077d803d0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077c37900 5 bytes JMP 0000000077d80330 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077c37970 5 bytes JMP 0000000077d80410 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 0000000077c379a0 5 bytes JMP 0000000077d80240 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077c37c30 5 bytes JMP 0000000077d801e0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077c37cf0 5 bytes JMP 0000000077d80250 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077c37d20 5 bytes JMP 0000000077d80490 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c37d30 5 bytes JMP 0000000077d804a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077c37d50 5 bytes JMP 0000000077d80300 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077c37d60 5 bytes JMP 0000000077d80360 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077c37da0 5 bytes JMP 0000000077d802a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077c37df0 5 bytes JMP 0000000077d802c0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077c37e20 5 bytes JMP 0000000077d80380 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077c37e30 5 bytes JMP 0000000077d80340 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077c38310 5 bytes JMP 0000000077d80260 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077c38320 5 bytes JMP 0000000077d80270 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077c38330 5 bytes JMP 0000000077d80400 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 0000000077c384e0 5 bytes JMP 0000000077d801f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 0000000077c384f0 5 bytes JMP 0000000077d80210 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077c38550 5 bytes JMP 0000000077d80200 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtSuspendProcess 0000000077c385b0 5 bytes JMP 0000000077d80420 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtSuspendThread 0000000077c385c0 5 bytes JMP 0000000077d80430 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 0000000077c385d0 5 bytes JMP 0000000077d80220 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\system32\ntdll.dll!NtVdmControl 0000000077c386a0 5 bytes JMP 0000000077d80280 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077de17d7 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077de3221 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076c00827 5 bytes JMP 0000000167bea25c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c1081c 5 bytes JMP 0000000167d3db41 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c12483 5 bytes JMP 0000000167d3dba6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076c14b7c 5 bytes JMP 0000000167d3dac8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076c29b0b 5 bytes JMP 0000000167d3da4f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c35fb7 5 bytes JMP 0000000167b418e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c36397 5 bytes JMP 0000000167d3dc0b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076c4d3ad 5 bytes JMP 0000000167d3d9eb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076c4d3d1 5 bytes JMP 0000000167d3d987 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000769070a6 5 bytes JMP 0000000167d3ddc0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007375881c 5 bytes JMP 0000000167d3dc70 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000073758834 5 bytes JMP 0000000167d3dd18 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5316] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076e5ed29 5 bytes JMP 0000000167d3dfb8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077de17d7 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077de3221 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e24572 6 bytes JMP 0000000167ba9729 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077e2457d 6 bytes JMP 0000000167c07c92 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\KERNEL32.dll!CreateThread 0000000076508352 5 bytes JMP 0000000167ba74fb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076bf7bb3 5 bytes JMP 0000000167c07c2f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c0010d 5 bytes JMP 0000000167c2e1b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c003d2 5 bytes JMP 0000000167be2944 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076c00827 5 bytes JMP 0000000167bea25c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c017ea 5 bytes JMP 0000000167c0ffdf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076c0280d 5 bytes JMP 0000000167bb353b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c1081c 5 bytes JMP 0000000167d3db41 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c12483 5 bytes JMP 0000000167d3dba6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076c14b7c 5 bytes JMP 0000000167d3dac8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076c29b0b 5 bytes JMP 0000000167d3da4f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c35fb7 5 bytes JMP 0000000167b418e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c36397 5 bytes JMP 0000000167d3dc0b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076c4d3ad 5 bytes JMP 0000000167d3d9eb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076c4d3d1 5 bytes JMP 0000000167d3d987 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077141e80 5 bytes JMP 0000000167d3e374 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000768a3df0 5 bytes JMP 0000000167d3e4ea .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000768a3e40 5 bytes JMP 0000000167d3e46c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000768a462b 5 bytes JMP 0000000167d3e3de .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000768a74bc 5 bytes JMP 0000000167d3e48a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000769070a6 5 bytes JMP 0000000167d3ddc0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007375881c 5 bytes JMP 0000000167d3dc70 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000073758834 5 bytes JMP 0000000167d3dd18 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5180] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076e5ed29 5 bytes JMP 0000000167d3dfb8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077de17d7 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077de3221 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e24572 6 bytes JMP 0000000167ba9729 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077e2457d 6 bytes JMP 0000000167c07c92 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\KERNEL32.dll!CreateThread 0000000076508352 5 bytes JMP 0000000167ba74fb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076bf7bb3 5 bytes JMP 0000000167c07c2f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c0010d 5 bytes JMP 0000000167c2e1b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c003d2 5 bytes JMP 0000000167be2944 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076c00827 5 bytes JMP 0000000167bea25c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c017ea 5 bytes JMP 0000000167c0ffdf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076c0280d 5 bytes JMP 0000000167bb353b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c1081c 5 bytes JMP 0000000167d3db41 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c12483 5 bytes JMP 0000000167d3dba6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076c14b7c 5 bytes JMP 0000000167d3dac8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076c29b0b 5 bytes JMP 0000000167d3da4f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c35fb7 5 bytes JMP 0000000167b418e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c36397 5 bytes JMP 0000000167d3dc0b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076c4d3ad 5 bytes JMP 0000000167d3d9eb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076c4d3d1 5 bytes JMP 0000000167d3d987 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077141e80 5 bytes JMP 0000000167d3e374 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000768a3df0 5 bytes JMP 0000000167d3e4ea .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000768a3e40 5 bytes JMP 0000000167d3e46c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000768a462b 5 bytes JMP 0000000167d3e3de .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000768a74bc 5 bytes JMP 0000000167d3e48a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000769070a6 5 bytes JMP 0000000167d3ddc0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007375881c 5 bytes JMP 0000000167d3dc70 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000073758834 5 bytes JMP 0000000167d3dd18 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3268] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076e5ed29 5 bytes JMP 0000000167d3dfb8 ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\CTS\Tray\CTSTray.exe [3500:3284] 000007fef0e489d4 Thread C:\Program Files (x86)\CTS\Tray\CTSTray.exe [3500:2888] 000007fef0e4cce0 Thread C:\Program Files (x86)\CTS\Tray\CTSTray.exe [3500:4088] 000007fefc37b8f4 Thread C:\Program Files (x86)\CTS\Tray\CTSTray.exe [3500:2312] 000007fef0ced7d4 Thread C:\Program Files (x86)\CTS\Tray\CTSTray.exe [3500:908] 000007fef0e4cce0 ---- Processes - GMER 2.1 ---- Process C:\ASUS.SYS\config\DVMExportService.exe (*** suspicious ***) @ C:\ASUS.SYS\config\DVMExportService.exe [1728] (DVMExport Application/DeviceVM)(2008-11- 0000000000400000 Library C:\Users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1156] (Dropbox Shell Extension/Dropbox, Inc.)(2015-02-11 01:12:10) 000007fef81b0000 Process C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2360] (Dropbox/Dropbox, Inc.)(2015-05-05 03:08:32) 0000000000400000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{34f4917e-fa79-4cf4-b2a0-881155339794}@Dhcpv6State 0 ---- Files - GMER 2.1 ---- File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00e0c6 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00edee 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143ec 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143ed 1710137 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143ee 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143ef 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f0 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f1 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f2 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f3 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f4 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f5 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f6 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f7 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f8 31288 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143f9 23202 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0143fa 28907 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000146 40198 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d8c2 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_013f69 37135 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_013e49 73958 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_013e8d 29728 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_013ea1 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d7e4 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_014077 54783 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_01407a 122175 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_01407c 36962 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_013aab 38500 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_013ac3 49275 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00da45 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_014001 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_01402a 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_01403c 77019 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_014064 48648 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d9c7 50359 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00edf2 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00ec24 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_011360 117586 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_011368 56396 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00be04 91891 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c9e4 36516 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c9e6 48682 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00f371 18956 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0103b4 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00cc1a 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c51d 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c522 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00ef01 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00f42f 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a1d6 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c9e7 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d74d 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d8c6 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00e20b 0 bytes File C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00e39b 0 bytes ---- EOF - GMER 2.1 ----