GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-24 21:13:23 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 WDC_WD5000AAKX-00ERMA0 rev.15.01H15 465,76GB Running: jhnmqgsg.exe; Driver: C:\Users\Soya\AppData\Local\Temp\kxldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 000000014a530460 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 000000014a530450 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 000000014a530370 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 000000014a530470 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 000000014a5303e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 000000014a530320 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 000000014a5303b0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 000000014a530390 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 000000014a5302e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 000000014a5302d0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 000000014a530310 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 000000014a5303c0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 000000014a5303f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 000000014a530230 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 000000014a530480 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 000000014a5303a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 000000014a5302f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 000000014a530350 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 000000014a530290 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 000000014a5302b0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 000000014a5303d0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 000000014a530330 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 000000014a530410 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 000000014a530240 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 000000014a5301e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 000000014a530250 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 000000014a530490 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 000000014a5304a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 000000014a530300 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 000000014a530360 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 000000014a5302a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 000000014a5302c0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 000000014a530380 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 000000014a530340 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 000000014a530440 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 000000014a530260 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 000000014a530270 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 000000014a530400 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 000000014a5301f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 000000014a530210 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 000000014a530200 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 000000014a530420 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 000000014a530430 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 000000014a530220 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 000000014a530280 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\wininit.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\services.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\nvvsvc.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[1772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100070460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100070450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100070370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100070470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000703e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100070320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000703b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100070390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000702e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000702d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100070310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000703c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000703f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100070230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100070480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000703a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000702f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100070350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100070290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000702b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000703d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100070330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100070410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100070240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000701e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100070250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100070490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000704a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100070300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100070360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000702a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000702c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100070380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100070340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100070440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100070260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100070270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100070400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000701f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100070210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100070200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100070420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100070430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100070220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759b1401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759b1419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759b1431 2 bytes JMP 773b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759b144a 2 bytes CALL 773148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759b14dd 2 bytes JMP 773b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759b14f5 2 bytes JMP 773b8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759b150d 2 bytes JMP 773b8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759b1525 2 bytes JMP 773b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759b153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759b1555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759b156d 2 bytes JMP 773b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759b1585 2 bytes JMP 773b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759b159d 2 bytes JMP 773b865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759b15b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759b15cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759b16b2 2 bytes JMP 773b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759b16bd 2 bytes JMP 773b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759b1401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759b1419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759b1431 2 bytes JMP 773b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759b144a 2 bytes CALL 773148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759b14dd 2 bytes JMP 773b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759b14f5 2 bytes JMP 773b8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759b150d 2 bytes JMP 773b8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759b1525 2 bytes JMP 773b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759b153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759b1555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759b156d 2 bytes JMP 773b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759b1585 2 bytes JMP 773b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759b159d 2 bytes JMP 773b865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759b15b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759b15cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759b16b2 2 bytes JMP 773b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759b16bd 2 bytes JMP 773b85f1 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2708] entry point in ".rdata" section 000000006bf971e6 .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000072bc17fa 2 bytes CALL 773111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072bc1860 2 bytes CALL 773111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072bc1942 2 bytes JMP 77177089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000072bc194d 2 bytes JMP 7717cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759b1401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759b1419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759b1431 2 bytes JMP 773b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759b144a 2 bytes CALL 773148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759b14dd 2 bytes JMP 773b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759b14f5 2 bytes JMP 773b8978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759b150d 2 bytes JMP 773b8698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759b1525 2 bytes JMP 773b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759b153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759b1555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759b156d 2 bytes JMP 773b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759b1585 2 bytes JMP 773b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759b159d 2 bytes JMP 773b865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759b15b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759b15cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759b16b2 2 bytes JMP 773b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759b16bd 2 bytes JMP 773b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100060460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100060450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100060370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100060470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100060320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100060390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100060310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100060230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100060480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100060350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100060290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100060330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100060410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100060240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100060250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100060490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000604a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100060300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100060360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100060380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100060340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100060440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100060260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100060270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100060400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100060210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100060200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100060420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100060430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100060220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100060280 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\System32\rundll32.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[3980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\wbem\wmiprvse.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759b1401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759b1419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759b1431 2 bytes JMP 773b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759b144a 2 bytes CALL 773148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759b14dd 2 bytes JMP 773b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759b14f5 2 bytes JMP 773b8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759b150d 2 bytes JMP 773b8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759b1525 2 bytes JMP 773b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759b153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759b1555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759b156d 2 bytes JMP 773b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759b1585 2 bytes JMP 773b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759b159d 2 bytes JMP 773b865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759b15b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759b15cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759b16b2 2 bytes JMP 773b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759b16bd 2 bytes JMP 773b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759b1401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759b1419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759b1431 2 bytes JMP 773b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759b144a 2 bytes CALL 773148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759b14dd 2 bytes JMP 773b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759b14f5 2 bytes JMP 773b8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759b150d 2 bytes JMP 773b8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759b1525 2 bytes JMP 773b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759b153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759b1555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759b156d 2 bytes JMP 773b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759b1585 2 bytes JMP 773b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759b159d 2 bytes JMP 773b865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759b15b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759b15cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759b16b2 2 bytes JMP 773b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759b16bd 2 bytes JMP 773b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759b1401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759b1419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759b1431 2 bytes JMP 773b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759b144a 2 bytes CALL 773148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759b14dd 2 bytes JMP 773b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759b14f5 2 bytes JMP 773b8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759b150d 2 bytes JMP 773b8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759b1525 2 bytes JMP 773b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759b153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759b1555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759b156d 2 bytes JMP 773b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759b1585 2 bytes JMP 773b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759b159d 2 bytes JMP 773b865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759b15b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759b15cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759b16b2 2 bytes JMP 773b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Soya\AppData\Local\Akamai\netsession_win.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759b16bd 2 bytes JMP 773b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077318791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759b1401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759b1419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759b1431 2 bytes JMP 773b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759b144a 2 bytes CALL 773148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759b14dd 2 bytes JMP 773b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759b14f5 2 bytes JMP 773b8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759b150d 2 bytes JMP 773b8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759b1525 2 bytes JMP 773b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759b153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759b1555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759b156d 2 bytes JMP 773b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759b1585 2 bytes JMP 773b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759b159d 2 bytes JMP 773b865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759b15b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759b15cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759b16b2 2 bytes JMP 773b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759b16bd 2 bytes JMP 773b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\system32\SearchIndexer.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077681360 5 bytes JMP 00000000777e0460 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776813b0 5 bytes JMP 00000000777e0450 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077681510 5 bytes JMP 00000000777e0370 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077681560 5 bytes JMP 00000000777e0470 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077681570 5 bytes JMP 00000000777e03e0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077681620 5 bytes JMP 00000000777e0320 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077681650 5 bytes JMP 00000000777e03b0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077681670 5 bytes JMP 00000000777e0390 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776816b0 5 bytes JMP 00000000777e02e0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077681730 5 bytes JMP 00000000777e02d0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077681750 5 bytes JMP 00000000777e0310 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077681790 5 bytes JMP 00000000777e03c0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776817e0 5 bytes JMP 00000000777e03f0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077681940 5 bytes JMP 00000000777e0230 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077681b00 5 bytes JMP 00000000777e0480 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077681b30 5 bytes JMP 00000000777e03a0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077681c10 5 bytes JMP 00000000777e02f0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077681c20 5 bytes JMP 00000000777e0350 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077681c80 5 bytes JMP 00000000777e0290 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077681d10 5 bytes JMP 00000000777e02b0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077681d30 5 bytes JMP 00000000777e03d0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077681d40 5 bytes JMP 00000000777e0330 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077681db0 5 bytes JMP 00000000777e0410 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077681de0 5 bytes JMP 00000000777e0240 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776820a0 5 bytes JMP 00000000777e01e0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077682160 5 bytes JMP 00000000777e0250 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077682190 5 bytes JMP 00000000777e0490 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776821a0 5 bytes JMP 00000000777e04a0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776821d0 5 bytes JMP 00000000777e0300 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776821e0 5 bytes JMP 00000000777e0360 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077682240 5 bytes JMP 00000000777e02a0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077682290 5 bytes JMP 00000000777e02c0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776822c0 5 bytes JMP 00000000777e0380 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776822d0 5 bytes JMP 00000000777e0340 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776825c0 5 bytes JMP 00000000777e0440 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776827c0 5 bytes JMP 00000000777e0260 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776827d0 5 bytes JMP 00000000777e0270 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776827e0 5 bytes JMP 00000000777e0400 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776829a0 5 bytes JMP 00000000777e01f0 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776829b0 5 bytes JMP 00000000777e0210 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077682a20 5 bytes JMP 00000000777e0200 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077682a80 5 bytes JMP 00000000777e0420 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077682a90 5 bytes JMP 00000000777e0430 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077682aa0 5 bytes JMP 00000000777e0220 .text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077682b80 5 bytes JMP 00000000777e0280 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe [2456](2015-01-15 09:52:25) 000000006fbc0000 Library C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe [2456](2015-01-15 09:52:25) 000000006e940000 Library C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe [2456](2015-01-15 09:52:25) 000000006a1c0000 Library C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe [2456](2015-01-15 09:52:25) 000000006ff00000 Library C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe [2456](2015-01-15 09:52:25) 000000006efc0000 Library C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe [2456](2015-01-15 09:52:25) 000000006ed40000 ---- EOF - GMER 2.1 ----