GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-02 22:41:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB Running: pixhk1wk.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000001497f0460 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000001497f0450 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000001497f0370 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000001497f0470 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000001497f03e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000001497f0320 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000001497f03b0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000001497f0390 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000001497f02e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000001497f02d0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000001497f0310 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000001497f03c0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000001497f03f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000001497f0230 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000001497f0480 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000001497f03a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000001497f02f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000001497f0350 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000001497f0290 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000001497f02b0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000001497f03d0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000001497f0330 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000001497f0410 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000001497f0240 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000001497f01e0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000001497f0250 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000001497f0490 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000001497f04a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000001497f0300 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000001497f0360 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000001497f02a0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000001497f02c0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000001497f0380 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000001497f0340 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000001497f0440 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000001497f0260 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000001497f0270 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000001497f0400 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000001497f01f0 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000001497f0210 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000001497f0200 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000001497f0420 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000001497f0430 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000001497f0220 .text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000001497f0280 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000001497f0460 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000001497f0450 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000001497f0370 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000001497f0470 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000001497f03e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000001497f0320 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000001497f03b0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000001497f0390 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000001497f02e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000001497f02d0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000001497f0310 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000001497f03c0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000001497f03f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000001497f0230 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000001497f0480 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000001497f03a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000001497f02f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000001497f0350 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000001497f0290 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000001497f02b0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000001497f03d0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000001497f0330 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000001497f0410 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000001497f0240 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000001497f01e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000001497f0250 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000001497f0490 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000001497f04a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000001497f0300 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000001497f0360 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000001497f02a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000001497f02c0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000001497f0380 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000001497f0340 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000001497f0440 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000001497f0260 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000001497f0270 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000001497f0400 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000001497f01f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000001497f0210 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000001497f0200 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000001497f0420 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000001497f0430 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000001497f0220 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000001497f0280 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\Dwm.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[1668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774d1401 2 bytes JMP 750bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774d1419 2 bytes JMP 750bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774d1431 2 bytes JMP 75138ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774d144a 2 bytes CALL 750948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774d14dd 2 bytes JMP 751387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774d14f5 2 bytes JMP 75138978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774d150d 2 bytes JMP 75138698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774d1525 2 bytes JMP 75138a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774d153d 2 bytes JMP 750afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774d1555 2 bytes JMP 750b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774d156d 2 bytes JMP 75138f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774d1585 2 bytes JMP 75138ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774d159d 2 bytes JMP 7513865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774d15b5 2 bytes JMP 750afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774d15cd 2 bytes JMP 750bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774d16b2 2 bytes JMP 75138e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774d16bd 2 bytes JMP 751385f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!DbgBreakPoint 0000000077370590 3 bytes [8B, 40, 30] .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\svchost.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1336] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075098791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1524] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075098791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\System32\svchost.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\SearchIndexer.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077371360 5 bytes JMP 00000000774d0460 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773713b0 5 bytes JMP 00000000774d0450 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077371510 5 bytes JMP 00000000774d0370 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077371560 5 bytes JMP 00000000774d0470 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077371570 5 bytes JMP 00000000774d03e0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077371620 5 bytes JMP 00000000774d0320 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077371650 5 bytes JMP 00000000774d03b0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077371670 5 bytes JMP 00000000774d0390 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773716b0 5 bytes JMP 00000000774d02e0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077371730 5 bytes JMP 00000000774d02d0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077371750 5 bytes JMP 00000000774d0310 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077371790 5 bytes JMP 00000000774d03c0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773717e0 5 bytes JMP 00000000774d03f0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077371940 5 bytes JMP 00000000774d0230 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077371b00 5 bytes JMP 00000000774d0480 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077371b30 5 bytes JMP 00000000774d03a0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077371c10 5 bytes JMP 00000000774d02f0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077371c20 5 bytes JMP 00000000774d0350 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077371c80 5 bytes JMP 00000000774d0290 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077371d10 5 bytes JMP 00000000774d02b0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077371d30 5 bytes JMP 00000000774d03d0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077371d40 5 bytes JMP 00000000774d0330 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077371db0 5 bytes JMP 00000000774d0410 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077371de0 5 bytes JMP 00000000774d0240 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773720a0 5 bytes JMP 00000000774d01e0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077372160 5 bytes JMP 00000000774d0250 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077372190 5 bytes JMP 00000000774d0490 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773721a0 5 bytes JMP 00000000774d04a0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773721d0 5 bytes JMP 00000000774d0300 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773721e0 5 bytes JMP 00000000774d0360 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077372240 5 bytes JMP 00000000774d02a0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077372290 5 bytes JMP 00000000774d02c0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773722c0 5 bytes JMP 00000000774d0380 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773722d0 5 bytes JMP 00000000774d0340 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773725c0 5 bytes JMP 00000000774d0440 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773727c0 5 bytes JMP 00000000774d0260 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773727d0 5 bytes JMP 00000000774d0270 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773727e0 5 bytes JMP 00000000774d0400 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773729a0 5 bytes JMP 00000000774d01f0 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773729b0 5 bytes JMP 00000000774d0210 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077372a20 5 bytes JMP 00000000774d0200 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077372a80 5 bytes JMP 00000000774d0420 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077372a90 5 bytes JMP 00000000774d0430 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077372aa0 5 bytes JMP 00000000774d0220 .text C:\Windows\system32\AUDIODG.EXE[3524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077372b80 5 bytes JMP 00000000774d0280 ---- Processes - GMER 2.1 ---- Library C:\Users\user\AppData\Local\Temp\70aeaca4-098f-4bcc-b0fa-e2544fb40678\CliSecureRT64.dll (*** suspicious ***) @ C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [1852](2015-01-29 17:59:35) 0000000180000000 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps 2764 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin 1 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-11 200704 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Archived History 249856 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Archived History-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000010 25939 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000024 21842 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000038 22482 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_1 532480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000001 23218 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000002 55543 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000003 20489 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000004 22956 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000005 34312 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000006 38344 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000007 34996 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000008 41920 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000009 31821 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000a 53228 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000b 291277 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000c 17244 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000d 44875 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000e 26059 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000f 80293 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000011 16593 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000012 20261 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000013 23249 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000014 22609 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000015 22042 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000016 21866 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000017 18703 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000018 20062 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000019 19686 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001a 30048 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001b 17053 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001c 27446 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001d 28238 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001e 22207 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001f 20166 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000020 18055 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000021 20029 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000022 25541 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000023 34442 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000025 19054 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000026 21266 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000027 17645 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000028 65002 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000029 19453 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002a 28295 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002b 18171 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002c 61434 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002d 149508 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002e 94633 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002f 60999 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000030 35288 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000031 19089 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000032 18107 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000033 31505 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000034 31052 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000035 18844 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000036 28972 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000037 36328 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000039 21302 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003a 29263 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003b 38672 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003c 20071 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003d 32555 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003e 26693 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003f 17417 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000040 22356 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000041 25009 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000042 21537 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000043 21883 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000044 22905 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000045 31655 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000046 19941 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000047 18648 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000048 21922 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000049 35221 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004a 24745 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004b 26263 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004c 25086 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004d 32267 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cookies 31744 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Current Session 98541 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\Databases.db 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\Databases.db-journal 5672 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\http_www.fotka.pl_0 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\http_www.fotka.pl_0\1 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\000003.log 190 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOG 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\000003.log 285 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History 466944 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-04 258048 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-04-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10 36864 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-11-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-02 73728 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-02-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-03 409600 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-03-journal 49760 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 28723 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History-journal 25136 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA4.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA5.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA6.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_spolecznosci.net_0.localstorage 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_spolecznosci.net_0.localstorage-journal 7736 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.fotka.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.fotka.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.youtube.com_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.youtube.com_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 23552 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Preferences 14164 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\QuotaManager 13312 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\QuotaManager-journal 8768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\README 186 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\000003.log 508 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 8720 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Web Data 77824 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Local State 14170 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 128 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files\bbnaut-b.swf 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files\bbnaut-b.swf\bbcookie.sol 73 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\s.ytimg.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bbcdn-bbnaut.ibillboard.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bbcdn-bbnaut.ibillboard.com\settings.sol 97 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 3429 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\98e247023708b752.customDestinations-ms 8287 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-EA1E6E17.pf 28922 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\snx_fs.dat 34192 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 37888 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----