GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-27 15:23:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB Running: s1l19eu1.exe; Driver: C:\Users\user\AppData\Local\Temp\kgldipoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\windows\System32\win32k.sys!EngSetLastError + 608 fffff96000105694 8 bytes [54, 77, CC, 04, 80, F8, FF, ...] .text C:\windows\System32\win32k.sys!W32pServiceTable fffff96000134b00 7 bytes [C0, 8C, F3, FF, 01, 9E, F0] .text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000134b08 3 bytes [C0, 06, 02] .text ... * 108 .text C:\windows\System32\win32k.sys!EngGetProcessHandle + 476 fffff960001fc2b8 6 bytes {JMP QWORD [RIP-0xbb866]} ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 000000014a240460 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 000000014a240450 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 000000014a240370 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 000000014a240470 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 000000014a2403e0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 000000014a240320 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 000000014a2403b0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 000000014a240390 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 000000014a2402e0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 000000014a2402d0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 000000014a240310 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 000000014a2403c0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 000000014a2403f0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 000000014a240230 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 000000014a240480 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 000000014a2403a0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 000000014a2402f0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 000000014a240350 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 000000014a240290 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 000000014a2402b0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 000000014a2403d0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 000000014a240330 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 000000014a240410 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 000000014a240240 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 000000014a2401e0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 000000014a240250 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 000000014a240490 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 000000014a2404a0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 000000014a240300 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 000000014a240360 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 000000014a2402a0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 000000014a2402c0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 000000014a240380 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 000000014a240340 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 000000014a240440 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 000000014a240260 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 000000014a240270 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 000000014a240400 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 000000014a2401f0 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 000000014a240210 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 000000014a240200 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 000000014a240420 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 000000014a240430 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 000000014a240220 .text C:\windows\system32\csrss.exe[612] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 000000014a240280 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\wininit.exe[736] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 000000014a240460 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 000000014a240450 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 000000014a240370 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 000000014a240470 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 000000014a2403e0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 000000014a240320 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 000000014a2403b0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 000000014a240390 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 000000014a2402e0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 000000014a2402d0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 000000014a240310 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 000000014a2403c0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 000000014a2403f0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 000000014a240230 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 000000014a240480 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 000000014a2403a0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 000000014a2402f0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 000000014a240350 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 000000014a240290 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 000000014a2402b0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 000000014a2403d0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 000000014a240330 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 000000014a240410 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 000000014a240240 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 000000014a2401e0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 000000014a240250 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 000000014a240490 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 000000014a2404a0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 000000014a240300 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 000000014a240360 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 000000014a2402a0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 000000014a2402c0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 000000014a240380 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 000000014a240340 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 000000014a240440 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 000000014a240260 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 000000014a240270 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 000000014a240400 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 000000014a2401f0 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 000000014a240210 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 000000014a240200 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 000000014a240420 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 000000014a240430 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 000000014a240220 .text C:\windows\system32\csrss.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 000000014a240280 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\services.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\lsass.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\lsm.exe[840] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\svchost.exe[932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\nvvsvc.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\winlogon.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\svchost.exe[624] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000100070460 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000100070450 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000100070370 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000100070470 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000001000703e0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000100070320 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000001000703b0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000100070390 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000001000702d0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000100070310 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000001000703c0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000001000703f0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000100070230 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000100070480 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000001000703a0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000001000702f0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000100070350 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000100070290 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000001000702b0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000001000703d0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000100070330 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000100070410 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000100070240 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000100070250 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000100070490 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000001000704a0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000100070300 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000100070360 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000001000702a0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000001000702c0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000100070380 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000100070340 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000100070440 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000100070400 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000100070200 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000100070420 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000100070430 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000100070220 .text C:\windows\System32\svchost.exe[1072] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000100070280 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\System32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\svchost.exe[1136] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\svchost.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\svchost.exe[1324] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\WLANExt.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\svchost.exe[1540] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\nvvsvc.exe[1720] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\System32\spoolsv.exe[1928] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\System32\svchost.exe[1264] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\taskeng.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\Dwm.exe[2840] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\taskhost.exe[2848] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2980] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\Explorer.EXE[3200] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 ? C:\windows\system32\mssprxy.dll [3552] entry point in ".rdata" section 0000000071dd71e6 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075da1401 2 bytes JMP 751bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075da1419 2 bytes JMP 751bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075da1431 2 bytes JMP 75238f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075da144a 2 bytes CALL 7519489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075da14dd 2 bytes JMP 75238822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075da14f5 2 bytes JMP 752389f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075da150d 2 bytes JMP 75238718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075da1525 2 bytes JMP 75238ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075da153d 2 bytes JMP 751afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075da1555 2 bytes JMP 751b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075da156d 2 bytes JMP 75238fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075da1585 2 bytes JMP 75238b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075da159d 2 bytes JMP 752386dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075da15b5 2 bytes JMP 751afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075da15cd 2 bytes JMP 751bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075da16b2 2 bytes JMP 75238ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075da16bd 2 bytes JMP 75238671 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\taskeng.exe[4516] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\svchost.exe[4640] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4948] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\Windows\System32\ThpSrv.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075da1401 2 bytes JMP 751bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075da1419 2 bytes JMP 751bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075da1431 2 bytes JMP 75238f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075da144a 2 bytes CALL 7519489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075da14dd 2 bytes JMP 75238822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075da14f5 2 bytes JMP 752389f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075da150d 2 bytes JMP 75238718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075da1525 2 bytes JMP 75238ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075da153d 2 bytes JMP 751afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075da1555 2 bytes JMP 751b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075da156d 2 bytes JMP 75238fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075da1585 2 bytes JMP 75238b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075da159d 2 bytes JMP 752386dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075da15b5 2 bytes JMP 751afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075da15cd 2 bytes JMP 751bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075da16b2 2 bytes JMP 75238ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075da16bd 2 bytes JMP 75238671 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075198781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075da1401 2 bytes JMP 751bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075da1419 2 bytes JMP 751bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075da1431 2 bytes JMP 75238f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075da144a 2 bytes CALL 7519489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075da14dd 2 bytes JMP 75238822 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075da14f5 2 bytes JMP 752389f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075da150d 2 bytes JMP 75238718 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075da1525 2 bytes JMP 75238ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075da153d 2 bytes JMP 751afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075da1555 2 bytes JMP 751b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075da156d 2 bytes JMP 75238fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075da1585 2 bytes JMP 75238b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075da159d 2 bytes JMP 752386dc C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075da15b5 2 bytes JMP 751afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075da15cd 2 bytes JMP 751bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075da16b2 2 bytes JMP 75238ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Alwil Software\Avast5\avastui.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075da16bd 2 bytes JMP 75238671 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[2064] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075da1401 2 bytes JMP 751bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075da1419 2 bytes JMP 751bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075da1431 2 bytes JMP 75238f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075da144a 2 bytes CALL 7519489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075da14dd 2 bytes JMP 75238822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075da14f5 2 bytes JMP 752389f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075da150d 2 bytes JMP 75238718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075da1525 2 bytes JMP 75238ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075da153d 2 bytes JMP 751afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075da1555 2 bytes JMP 751b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075da156d 2 bytes JMP 75238fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075da1585 2 bytes JMP 75238b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075da159d 2 bytes JMP 752386dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075da15b5 2 bytes JMP 751afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075da15cd 2 bytes JMP 751bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075da16b2 2 bytes JMP 75238ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4460] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075da16bd 2 bytes JMP 75238671 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\rundll32.exe[3452] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075da1401 2 bytes JMP 751bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075da1419 2 bytes JMP 751bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075da1431 2 bytes JMP 75238f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075da144a 2 bytes CALL 7519489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075da14dd 2 bytes JMP 75238822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075da14f5 2 bytes JMP 752389f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075da150d 2 bytes JMP 75238718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075da1525 2 bytes JMP 75238ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075da153d 2 bytes JMP 751afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075da1555 2 bytes JMP 751b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075da156d 2 bytes JMP 75238fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075da1585 2 bytes JMP 75238b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075da159d 2 bytes JMP 752386dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075da15b5 2 bytes JMP 751afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075da15cd 2 bytes JMP 751bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075da16b2 2 bytes JMP 75238ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5384] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075da16bd 2 bytes JMP 75238671 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773bdc60 5 bytes JMP 0000000077520460 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773bdcb0 5 bytes JMP 0000000077520450 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773bde10 5 bytes JMP 0000000077520370 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773bde60 5 bytes JMP 0000000077520470 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773bde70 5 bytes JMP 00000000775203e0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773bdf20 5 bytes JMP 0000000077520320 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773bdf50 5 bytes JMP 00000000775203b0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773bdf70 5 bytes JMP 0000000077520390 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773bdfb0 5 bytes JMP 00000000775202e0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773be030 5 bytes JMP 00000000775202d0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773be050 5 bytes JMP 0000000077520310 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773be090 5 bytes JMP 00000000775203c0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773be0e0 5 bytes JMP 00000000775203f0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773be240 5 bytes JMP 0000000077520230 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773be400 5 bytes JMP 0000000077520480 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773be430 5 bytes JMP 00000000775203a0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773be510 5 bytes JMP 00000000775202f0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773be520 5 bytes JMP 0000000077520350 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773be580 5 bytes JMP 0000000077520290 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773be610 5 bytes JMP 00000000775202b0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773be630 5 bytes JMP 00000000775203d0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773be640 5 bytes JMP 0000000077520330 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773be6b0 5 bytes JMP 0000000077520410 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773be6e0 5 bytes JMP 0000000077520240 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773be9a0 5 bytes JMP 00000000775201e0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773bea60 5 bytes JMP 0000000077520250 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773bea90 5 bytes JMP 0000000077520490 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773beaa0 5 bytes JMP 00000000775204a0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773bead0 5 bytes JMP 0000000077520300 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773beae0 5 bytes JMP 0000000077520360 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773beb40 5 bytes JMP 00000000775202a0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773beb90 5 bytes JMP 00000000775202c0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773bebc0 5 bytes JMP 0000000077520380 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773bebd0 5 bytes JMP 0000000077520340 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773beec0 5 bytes JMP 0000000077520440 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773bf0c0 5 bytes JMP 0000000077520260 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773bf0d0 5 bytes JMP 0000000077520270 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773bf0e0 5 bytes JMP 0000000077520400 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773bf2a0 5 bytes JMP 00000000775201f0 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773bf2b0 5 bytes JMP 0000000077520210 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773bf320 5 bytes JMP 0000000077520200 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773bf380 5 bytes JMP 0000000077520420 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773bf390 5 bytes JMP 0000000077520430 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773bf3a0 5 bytes JMP 0000000077520220 .text C:\windows\system32\wuauclt.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773bf480 5 bytes JMP 0000000077520280 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800103ae94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800103ac38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800103b614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800103ba10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800103b86c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\aj4ikdx3 \Device\Scsi\aj4ikdx31Port5Path0Target0Lun0 fffffa8004fdc2c0 Device \Driver\JMCR \Device\Scsi\JMCR3Port3Path0TargetffLun0 fffffa8004f712c0 Device \Driver\JMCR \Device\Scsi\JMCR2Port2Path0TargetffLun0 fffffa8004f712c0 Device \Driver\JMCR \Device\Scsi\JMCR4Port4Path0TargetffLun0 fffffa8004f712c0 Device \Driver\JMCR \Device\Scsi\JMCR1Port1Path0TargetffLun0 fffffa8004f712c0 Device \Driver\aj4ikdx3 \Device\Scsi\aj4ikdx31 fffffa8004fdc2c0 Device \FileSystem\Ntfs \Ntfs fffffa80017b62c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8004f232c0 Device \Driver\cdrom \Device\CdRom0 fffffa80048412c0 Device \Driver\cdrom \Device\CdRom1 fffffa80048412c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{F9949DE8-5C0D-430E-8735-0A93F9034E77} fffffa8004c462c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8004f232c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8004f232c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{CC3FAE1C-098F-4545-964E-99F323FCB799} fffffa8004c462c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2D078AA4-2D19-47FA-9DE6-184FF6D2D2E2} fffffa8004c462c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004c462c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8004f232c0 Device \Driver\aj4ikdx3 \Device\ScsiPort5 fffffa8004fdc2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\aj4ikdx3.SYS fffff88004fa9000-fffff88004ffa000 (331776 bytes) ---- Processes - GMER 2.1 ---- Library C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismhost.exe (*** suspicious ***) @ C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismhost.exe [3048] 00000000ffa50000 Library C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\DismCorePS.dll (*** suspicious ***) @ C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismhost.exe [3048] 000007fef1f00000 Library C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\wdscore.dll (*** suspicious ***) @ C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismhost.exe [3048] 000007fef1d70000 Library C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismprov.dll (*** suspicious ***) @ C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismhost.exe [3048] 000007fef1d10000 Library C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\OSProvider.dll (*** suspicious ***) @ C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismhost.exe [3048] 000007fef1cd0000 Library C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\LogProvider.dll (*** suspicious ***) @ C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismhost.exe [3048] 000007fef1eb0000 Library C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\DmiProvider.dll (*** suspicious ***) @ C:\windows\TEMP\FC43FFA5-E568-4F32-AE02-D9D13C5C4C05\dismhost.exe [3048] 000007feeecb0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x0F 0xC2 0x74 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB5 0x43 0xF8 0x90 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0x31 0x57 0x8B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x0F 0xC2 0x74 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB5 0x43 0xF8 0x90 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0x31 0x57 0x8B ... ---- EOF - GMER 2.1 ----