GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-29 17:12:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB Running: f7g3m7w6.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000149ba0460 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000149ba0450 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000149ba0370 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000149ba0470 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 0000000149ba03e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000149ba0320 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 0000000149ba03b0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000149ba0390 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 0000000149ba02e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 0000000149ba02d0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000149ba0310 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 0000000149ba03c0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 0000000149ba03f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000149ba0230 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000149ba0480 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 0000000149ba03a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 0000000149ba02f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000149ba0350 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000149ba0290 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 0000000149ba02b0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 0000000149ba03d0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000149ba0330 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000149ba0410 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000149ba0240 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 0000000149ba01e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000149ba0250 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000149ba0490 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 0000000149ba04a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000149ba0300 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000149ba0360 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 0000000149ba02a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 0000000149ba02c0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000149ba0380 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000149ba0340 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000149ba0440 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000149ba0260 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000149ba0270 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000149ba0400 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 0000000149ba01f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000149ba0210 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000149ba0200 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000149ba0420 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000149ba0430 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000149ba0220 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000149ba0280 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000149ba0460 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000149ba0450 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000149ba0370 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000149ba0470 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 0000000149ba03e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000149ba0320 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 0000000149ba03b0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000149ba0390 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 0000000149ba02e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 0000000149ba02d0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000149ba0310 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 0000000149ba03c0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 0000000149ba03f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000149ba0230 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000149ba0480 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 0000000149ba03a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 0000000149ba02f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000149ba0350 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000149ba0290 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 0000000149ba02b0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 0000000149ba03d0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000149ba0330 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000149ba0410 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000149ba0240 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 0000000149ba01e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000149ba0250 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000149ba0490 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 0000000149ba04a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000149ba0300 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000149ba0360 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 0000000149ba02a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 0000000149ba02c0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000149ba0380 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000149ba0340 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000149ba0440 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000149ba0260 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000149ba0270 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000149ba0400 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 0000000149ba01f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000149ba0210 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000149ba0200 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000149ba0420 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000149ba0430 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000149ba0220 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000149ba0280 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\AUDIODG.EXE[1108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\Dwm.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\Explorer.EXE[1644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\taskhost.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000753b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75] .text ... * 2 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!DbgBreakPoint 0000000077220590 3 bytes [8B, 40, 30] .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2512] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000753b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75] .text ... * 2 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\conhost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000100070460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000100070370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000100070470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000100070320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000100070390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000100070310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000100070230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000100070250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000100070490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\wbem\wmiprvse.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\SearchIndexer.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\System32\svchost.exe[192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75] .text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75] .text ... * 2 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077221360 5 bytes JMP 0000000077380460 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772213b0 5 bytes JMP 0000000077380450 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077221510 5 bytes JMP 0000000077380370 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077221560 5 bytes JMP 0000000077380470 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077221570 5 bytes JMP 00000000773803e0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077221620 5 bytes JMP 0000000077380320 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077221650 5 bytes JMP 00000000773803b0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077221670 5 bytes JMP 0000000077380390 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772216b0 5 bytes JMP 00000000773802e0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077221730 5 bytes JMP 00000000773802d0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077221750 5 bytes JMP 0000000077380310 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077221790 5 bytes JMP 00000000773803c0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772217e0 5 bytes JMP 00000000773803f0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077221940 5 bytes JMP 0000000077380230 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077221b00 5 bytes JMP 0000000077380480 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077221b30 5 bytes JMP 00000000773803a0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077221c10 5 bytes JMP 00000000773802f0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077221c20 5 bytes JMP 0000000077380350 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077221c80 5 bytes JMP 0000000077380290 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077221d10 5 bytes JMP 00000000773802b0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077221d30 5 bytes JMP 00000000773803d0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077221d40 5 bytes JMP 0000000077380330 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077221db0 5 bytes JMP 0000000077380410 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077221de0 5 bytes JMP 0000000077380240 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772220a0 5 bytes JMP 00000000773801e0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077222160 5 bytes JMP 0000000077380250 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077222190 5 bytes JMP 0000000077380490 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772221a0 5 bytes JMP 00000000773804a0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772221d0 5 bytes JMP 0000000077380300 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772221e0 5 bytes JMP 0000000077380360 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077222240 5 bytes JMP 00000000773802a0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077222290 5 bytes JMP 00000000773802c0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772222c0 5 bytes JMP 0000000077380380 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772222d0 5 bytes JMP 0000000077380340 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772225c0 5 bytes JMP 0000000077380440 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772227c0 5 bytes JMP 0000000077380260 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772227d0 5 bytes JMP 0000000077380270 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772227e0 5 bytes JMP 0000000077380400 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772229a0 5 bytes JMP 00000000773801f0 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772229b0 5 bytes JMP 0000000077380210 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077222a20 5 bytes JMP 0000000077380200 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077222a80 5 bytes JMP 0000000077380420 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077222a90 5 bytes JMP 0000000077380430 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077222aa0 5 bytes JMP 0000000077380220 .text C:\Windows\system32\conhost.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077222b80 5 bytes JMP 0000000077380280 .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.5383\Battle.net.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75] .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.5383\Battle.net.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2384:3736] 0000000075837587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2384:3812] 000000006fad8aa6 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2384:3724] 0000000077402e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2384:4468] 0000000077403e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2384:5932] 0000000077403e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2384:1924] 0000000077403e85 ---- Processes - GMER 2.1 ---- Library C:\Users\user\AppData\Local\Temp\70aeaca4-098f-4bcc-b0fa-e2544fb40678\CliSecureRT64.dll (*** suspicious ***) @ C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [2496](2014-05-27 05:48:23) 0000000180000000 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps 2764 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin 1 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-11 200704 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Archived History 249856 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Archived History-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000010 25939 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000024 21842 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000038 22482 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_1 532480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000001 23218 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000002 55543 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000003 20489 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000004 22956 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000005 34312 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000006 38344 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000007 34996 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000008 41920 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000009 31821 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000a 53228 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000b 291277 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000c 17244 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000d 44875 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000e 26059 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000f 80293 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000011 16593 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000012 20261 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000013 23249 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000014 22609 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000015 22042 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000016 21866 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000017 18703 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000018 20062 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000019 19686 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001a 30048 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001b 17053 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001c 27446 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001d 28238 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001e 22207 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001f 20166 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000020 18055 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000021 20029 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000022 25541 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000023 34442 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000025 19054 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000026 21266 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000027 17645 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000028 65002 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000029 19453 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002a 28295 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002b 18171 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002c 61434 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002d 149508 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002e 94633 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002f 60999 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000030 35288 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000031 19089 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000032 18107 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000033 31505 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000034 31052 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000035 18844 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000036 28972 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000037 36328 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000039 21302 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003a 29263 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003b 38672 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003c 20071 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003d 32555 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003e 26693 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003f 17417 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000040 22356 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000041 25009 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000042 21537 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000043 21883 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000044 22905 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000045 31655 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000046 19941 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000047 18648 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000048 21922 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000049 35221 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004a 24745 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004b 26263 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004c 25086 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004d 32267 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cookies 31744 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Current Session 98541 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\Databases.db 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\Databases.db-journal 5672 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\http_www.fotka.pl_0 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\http_www.fotka.pl_0\1 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\000003.log 190 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOG 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\000003.log 285 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History 466944 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-04 258048 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-04-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10 36864 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-11-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-02 73728 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-02-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-03 409600 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-03-journal 49760 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 28723 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History-journal 25136 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA4.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA5.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA6.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_spolecznosci.net_0.localstorage 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_spolecznosci.net_0.localstorage-journal 7736 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.fotka.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.fotka.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.youtube.com_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.youtube.com_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 23552 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Preferences 14164 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\QuotaManager 13312 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\QuotaManager-journal 8768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\README 186 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\000003.log 508 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 8720 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Web Data 77824 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Local State 14170 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 128 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files\bbnaut-b.swf 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files\bbnaut-b.swf\bbcookie.sol 73 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\s.ytimg.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bbcdn-bbnaut.ibillboard.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bbcdn-bbnaut.ibillboard.com\settings.sol 97 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 3429 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\98e247023708b752.customDestinations-ms 8287 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-EA1E6E17.pf 28922 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\snx_fs.dat 34192 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 37888 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----