GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-27 11:48:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000071 ATA_____ rev.1B02 232,89GB
Running: fqljq753.exe; Driver: C:\Users\TDK\AppData\Local\Temp\uxriypow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f1000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff800031f1042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000149950460
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000149950450
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000149950370
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000149950470
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001499503e0
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000149950320
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 00000001499503b0
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000149950390
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 00000001499502e0
.text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001499502d0
.text C:\Windows\system32\csrss.exe[504]
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000149950310 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001499503c0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001499503f0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000149950230 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000149950480 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001499503a0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001499502f0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000149950350 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000149950290 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001499502b0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 00000001499503d0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000149950330 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000149950410 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000149950240 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001499501e0 .text 
C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000149950250 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000149950490 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001499504a0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000149950300 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000149950360 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001499502a0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 00000001499502c0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000149950380 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000149950340 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000149950440 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000149950260 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000149950270 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000149950400 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001499501f0 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes 
JMP 0000000149950210 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000149950200 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000149950420 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000149950430 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000149950220 .text C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000149950280 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\wininit.exe[568] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 
0000000076ea0240 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\wininit.exe[568] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\wininit.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000149950460 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000149950450 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000149950370 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000149950470 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001499503e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000149950320 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 00000001499503b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 
0000000149950390 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 00000001499502e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001499502d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000149950310 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001499503c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001499503f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000149950230 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000149950480 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001499503a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001499502f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000149950350 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000149950290 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001499502b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 00000001499503d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000149950330 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 
0000000076d41db0 5 bytes JMP 0000000149950410 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000149950240 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001499501e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000149950250 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000149950490 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001499504a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000149950300 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000149950360 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001499502a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 00000001499502c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000149950380 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000149950340 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000149950440 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000149950260 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000149950270 .text C:\Windows\system32\csrss.exe[588] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000149950400 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001499501f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000149950210 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000149950200 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000149950420 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000149950430 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000149950220 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000149950280 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 
00000001000703b0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[632] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 
0000000100070260 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text 
C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\winlogon.exe[664] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 
0000000076ea0340 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[672] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000100070350 .text 
C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 
0000000100070380 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 
0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\lsm.exe[684] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\lsm.exe[684] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\lsm.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text 
C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[800] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 
0000000076ea02a0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\nvvsvc.exe[868] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text 
C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\nvvsvc.exe[868] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text 
C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[936] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 
0000000076ea0430 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1020] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
0000000076d42190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000100070200 .text 
C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text 
C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\System32\svchost.exe[380] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 
00000001000702e0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[368] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000100070400 
.text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[920] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 
0000000076ea0330 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[920] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 
bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text 
C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[1252] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 
0000000076ea0390 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\nvvsvc.exe[1372] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 
0000000076ea0270 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\Dwm.exe[1488] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text 
C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text 
C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text 
C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\Explorer.EXE[1588] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\Explorer.EXE[1588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1724] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 
bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1724] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text 
C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[1752] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 
bytes JMP 0000000076ea0370 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text 
C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\taskhost.exe[1788] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1824] 
C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761c8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text 
C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\rundll32.exe[1940] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\rundll32.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text 
C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\taskeng.exe[1092] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 
0000000076ea0400 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\taskeng.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\taskeng.exe[1428] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes 
JMP 0000000076ea0330 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\taskeng.exe[1428] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\taskeng.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000100070460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000100070370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000100070470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001000703e0 .text C:\Program 
Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000100070320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000100070390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000100070310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000100070230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000100070250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000100070490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 
bytes JMP 00000001000702c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Intel\iCLS 
Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Program 
Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes 
JMP 0000000076ea0250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 
0000000076ea0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 
bytes JMP 0000000076ea02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text 
C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 
0000000076ea0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text 
C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\rundll32.exe[3360] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\rundll32.exe[3360] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 
0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\rundll32.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4188] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761c8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 
0000000076ea02d0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 
0000000076ea0330 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000100070460 .text 
C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000100070480 
.text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 
bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 
0000000076d42a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 
bytes JMP 0000000076ea02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 
0000000076ea0280 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\conhost.exe[2784] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text 
C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\conhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 .text C:\Users\TDK\Desktop\a\OTL.exe[2436] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\TDK\Desktop\a\OTL.exe[2436] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d13b10 6 bytes {NOP ; JMP 0xffffffff8967cc4c} .text C:\Program Files\Internet Explorer\iexplore.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076d17ac0 6 bytes {NOP ; JMP 0xffffffff896788e4} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3560] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076f0c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3560] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076f11287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d41360 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d413b0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41510 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d41560 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d41570 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41620 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d41650 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d41670 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d416b0 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41730 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d41750 5 bytes JMP 0000000076ea0310 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d41790 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d417e0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d41940 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\AUDIODG.EXE[5416] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b00 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b30 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c10 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c20 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41c80 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d10 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d30 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41d40 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41db0 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41de0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d420a0 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d42160 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d42190 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d421a0 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
0000000076d421d0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d421e0 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d42240 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d42290 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d422c0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d422d0 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d425c0 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d427c0 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d427d0 5 bytes JMP 0000000076ea0270 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d427e0 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d429a0 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d429b0 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a20 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42a80 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42a90 5 bytes JMP 0000000076ea0430 .text 
C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42aa0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\AUDIODG.EXE[5416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42b80 5 bytes JMP 0000000076ea0280 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001064e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001064c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001065614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001065a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800106586c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\at2hlv0t \Device\Scsi\at2hlv0t1 fffffa8006ab22c0 Device \Driver\at2hlv0t \Device\Scsi\at2hlv0t1Port1Path0Target0Lun0 fffffa8006ab22c0 Device \FileSystem\Ntfs \Ntfs fffffa8003fea2c0 Device \FileSystem\fastfat \Fat fffffa80080e92c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8006a0e2c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa8003fe62c0 Device \Driver\cdrom \Device\CdRom0 fffffa800642f2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800642f2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8006a0e2c0 Device \Driver\iaStorA \Device\00000071 fffffa8003fe62c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{431BD630-AA32-4B7D-85DB-2C8C2F393544} fffffa80068132c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8006a0e2c0 Device \Driver\iaStorA \Device\00000072 fffffa8003fe62c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80068132c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa8003fe62c0 Device \Driver\usbehci 
\Device\USBPDO-0 fffffa8006a0e2c0 Device \Driver\at2hlv0t \Device\ScsiPort1 fffffa8006ab22c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys >>UNKNOWN [0xfffffa8003fe62c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa8003fe62c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047cb060] fffffa80047cb060 Trace 3 CLASSPNP.SYS[fffff880015bf43f] -> nt!IofCallDriver -> [0xfffffa8004669a90] fffffa8004669a90 Trace 5 iaStorF.sys[fffff88001bf6168] -> nt!IofCallDriver -> \Device\00000071[0xfffffa80045458f0] fffffa80045458f0 Trace \Driver\iaStorA[0xfffffa80044b52b0] -> IRP_MJ_CREATE -> 0xfffffa8003fe62c0 fffffa8003fe62c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\at2hlv0t.SYS fffff88004e00000-fffff88004e51000 (331776 bytes) ---- Processes - GMER 2.1 ---- Library C:\ProgramData\LeuckyCoupOn\eaUnk.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [3560](2014-09-02 11:58: 00000000650b0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0x82 0x2E 0x0D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE9 0x41 0xE6 0xA8 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x34 0x9C 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x28 0x53 0x16 0x2C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0x82 0x2E 0x0D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE9 0x41 0xE6 0xA8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0xDA 0x53 0xB7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x28 0x53 0x16 0x2C ... ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000 0 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications\windows 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications\windows\projects 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications\windows\projects\systemindex 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010009.dir 4096 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\INDEX.001 65536 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\INDEX.002 65536 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 5 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\History 110592 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 37888 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache\f_000001 42803 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache\f_000002 31889 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache\f_000003 140451 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Index 23552 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Application Cache\Index-journal 10832 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\data_1 794624 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\data_2 3153920 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000001 51699 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000002 129522 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000003 66626 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000004 56024 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000005 48976 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000006 22332 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000007 16712 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000008 19394 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000009 22091 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000a 76083 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000b 28077 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000c 21277 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000d 24263 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000e 18459 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000f 20273 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000011 19480 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000012 21689 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000013 28541 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000014 47800 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000015 64261 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000016 108612 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000017 22889 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000018 33088 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000019 18496 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001a 23035 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001b 25428 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001c 75242 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001d 20724 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001e 36031 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001f 52110 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000020 26331 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000021 20960 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000022 61589 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000023 41316 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000025 189136 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000026 20457 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000027 51841 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000028 516047 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000029 57473 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002a 101021 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002b 204790 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002c 56735 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002d 28913 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002e 26163 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002f 17077 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000030 28813 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000031 580757 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000032 32819 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000033 86353 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000034 25609 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000035 19919 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000036 19294 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000037 28779 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000039 47630 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003a 19430 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003b 18240 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003c 47395 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003d 38699 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003e 20139 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003f 31308 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000040 67957 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000041 24242 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000042 16421 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000043 21266 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000044 18311 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000045 23583 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000046 24005 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000047 22035 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000048 33303 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000049 62923 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004a 25104 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004b 65094 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004d 322791 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004e 31124 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004f 2278224 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000050 45318 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000051 2064589 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000052 39398 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000053 25552 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000054 63088 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000055 50075 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000056 42803 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000058 53091 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000059 55903 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00005b 51913 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00005c 64908 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00005d 33471 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00005e 33146 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00005f 29785 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000060 53655 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000061 118858 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000064 23592 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000065 23040 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000066 536550 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000067 108053 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000068 59003 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000069 20179 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00006a 108031 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00006b 61229 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00006c 17730 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00006d 108049 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00006e 19751 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00006f 22453 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000070 157773 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000071 169374 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000072 149425 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000073 37689 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000074 20272 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000075 750567 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000076 341897 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000010 28734 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000024 127042 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000038 8501976 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004c 39286 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000062 30453 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000077 51308 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000078 80397 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000079 20280 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00007a 32569 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00007b 21899 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00007c 91009 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00007d 48657 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00007e 32278 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00007f 107272 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000080 202134 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000081 111447 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000082 68288 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000083 20272 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000084 20280 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000085 32569 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000086 32457 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000087 61559 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000088 20029 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000089 32964 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00008a 61527 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00008b 46062 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00008c 53716 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00008d 22991 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00008e 20042 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00008f 42253 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000090 36837 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000091 46062 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000092 32964 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000094 53716 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000097 119007 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000098 3233589 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_000099 20042 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00009a 54216 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\f_00009b 22991 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cache\index 262512 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cookies 70656 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Current Session 439171 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Current Tabs 95258 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\databases 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\databases\Databases.db 7168 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\databases\Databases.db-journal 5672 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\databases\http_joemonster.org_0 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\databases\http_joemonster.org_0\1 7168 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\000005.ldb 262 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\000008.ldb 261 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\000011.ldb 262 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\000012.log 171 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG 261 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG.old 254 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000010 353 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Favicons 38912 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Preferences 22786 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\QuotaManager 13312 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\QuotaManager-journal 8768 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\README 186 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Secure Preferences 18854 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\000005.ldb 5303 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\000008.ldb 207 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\000011.ldb 4762 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\000012.log 755 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOG 262 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOG.old 259 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Session Storage\MANIFEST-000010 247 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Shortcuts 20480 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\TransportSecurity 1275 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Web Data 71680 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 8736 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 16766 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\History-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb 0 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\000005.bak 389 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\000005.ldb 389 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\000010.log 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\LOG 142 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\LOG.old 142 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\MANIFEST-000009 76 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIcons 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\B064.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\B075.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\B076.tmp 28134 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\B097.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\B0A7.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\B0C9.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld\3B2A.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld\3B3B.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld\3B3C.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld\3B5D.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld\3B6D.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld\3BBD.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Last Session 41201 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Last Tabs 17211 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Extension Settings 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_clients5.google.com_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_clients5.google.com_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_www.google.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_www.google.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_www.youtube.com_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_www.youtube.com_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_joemonster.org_0.localstorage 3072 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_joemonster.org_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.orange.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.orange.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Login Data 12288 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Login Data-journal 8736 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\f_000001 1048576 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\f_000002 1048576 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\f_000003 595735 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\f_000004 17300 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\f_000005 47379 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\f_000006 333682 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Default\Media Cache\index 262512 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Local State 18014 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pl-PL-3-0.bdic 3233589 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\manifest.fingerprint 66 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\manifest.json 572 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_metadata 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_metadata\verified_contents.json 3030 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific 0 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_pnacl_json 439 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o 2520 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o 2304 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o 1702 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe 2163856 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a 13220 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a 62216 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_eh_a 187044 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a 4756 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a 2030 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\pnacl\0.1.0.13625\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe 10028176 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing Bloom 3375612 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing Bloom Prefix Set 745954 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 4640 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing Csd Whitelist 112868 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing Download 1745180 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing Download Whitelist 13788 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing Extension Blacklist 37912 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\sfzone_profile\Safe Browsing IP Blacklist 1196 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Local\Microsoft 0 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Local\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 128 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Local\Temp\scoped_dir5820_7721 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Local\Temp\scoped_dir5820_7721\output.0.emf 1145828 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Roaming\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Roaming\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Roaming\Microsoft\Windows\Recent 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\71046221745a318b.customDestinations-ms 13724 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\Downloads 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Users\TDK\Downloads\Potwierdzenie wykonania przelewu.pdf 142242 bytes File C:\avast! 
sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Windows\Prefetch\CTFMON.EXE-79423C0A.pf 23538 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Windows\Prefetch\DLLHOST.EXE-491E9D91.pf 50292 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-74FF4DA2.pf 40766 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\C\Windows\Prefetch\SPLWOW64.EXE-FBA11EAB.pf 44648 bytes File C:\avast! sandbox\S-1-5-21-2617819357-3465552758-715086167-1000\sfzone\snx_fs.dat 54358 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 29696 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{497353f1-7610-11e4-a7a5-94de80ef34a5}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{497353f1-7610-11e4-a7a5-94de80ef34a5}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{497353f1-7610-11e4-a7a5-94de80ef34a5}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----