Code:
Alles auswählen Aufklappen ATTFilter
00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\svchost.exe[1000] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\windows\system32\atiesrxx.exe[536] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000100070460
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000100070450
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000100070370
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000100070470
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000001000703e0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000100070320
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000001000703b0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000100070390
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000001000702e0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000001000702d0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000100070310
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000001000703c0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000001000703f0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000100070230
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000100070480
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000001000703a0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000001000702f0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000100070350
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000100070290
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000001000702b0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000001000703d0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000100070330
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000100070410
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000100070240
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000001000701e0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000100070250
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000100070490
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000001000704a0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000100070300
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000100070360
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000001000702a0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000001000702c0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000100070380
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000100070340
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000100070440
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000100070260
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000100070270
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000100070400
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000001000701f0
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000100070210
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000100070200
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000100070420
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000100070430
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000100070220
.text C:\windows\System32\svchost.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000100070280
.text C:\windows\System32\svchost.exe[672] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\svchost.exe[552] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\svchost.exe[792] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\AUDIODG.EXE[1092] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
09.04.2015, 12:46
Baum-Darstellung