GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-15 19:29:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB Running: i6vly0fn.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000149ea0450 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000149ea0440 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0xffffffffd2982990} .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000149ea0360 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000149ea0460 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 0000000149ea03d0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000149ea0310 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 0000000149ea03a0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000149ea0380 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 0000000149ea02d0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 0000000149ea02c0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0xffffffffd2982490} .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000149ea0300 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 0000000149ea03b0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 0000000149ea03e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000149ea0220 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000149ea0470 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000149ea0390 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 0000000149ea02e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000149ea0340 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000149ea0280 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 0000000149ea02a0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0xffffffffd2981e90} .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 0000000149ea03c0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0xffffffffd2981f90} .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000149ea0320 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000149ea0400 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000149ea0230 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 0000000149ea01d0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000149ea0240 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000149ea0480 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000149ea0490 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 0000000149ea02f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000149ea0350 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000149ea0290 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 0000000149ea02b0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000149ea0370 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000149ea0330 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000149ea0430 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000149ea0250 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0xffffffffd2981390} .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000149ea0260 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0xffffffffd2981390} .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 0000000149ea03f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 0000000149ea01e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000149ea0200 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 0000000149ea01f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000149ea0410 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0xffffffffd2981290} .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000149ea0420 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0xffffffffd2981290} .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000149ea0210 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000149ea0270 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000149ea0450 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000149ea0440 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0xffffffffd2982990} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000149ea0360 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000149ea0460 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 0000000149ea03d0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000149ea0310 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 0000000149ea03a0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000149ea0380 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 0000000149ea02d0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 0000000149ea02c0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0xffffffffd2982490} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000149ea0300 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 0000000149ea03b0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 0000000149ea03e0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000149ea0220 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000149ea0470 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000149ea0390 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 0000000149ea02e0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000149ea0340 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000149ea0280 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 0000000149ea02a0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0xffffffffd2981e90} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 0000000149ea03c0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0xffffffffd2981f90} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000149ea0320 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000149ea0400 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000149ea0230 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 0000000149ea01d0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000149ea0240 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000149ea0480 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000149ea0490 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 0000000149ea02f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000149ea0350 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000149ea0290 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 0000000149ea02b0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000149ea0370 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000149ea0330 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000149ea0430 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000149ea0250 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0xffffffffd2981390} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000149ea0260 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0xffffffffd2981390} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 0000000149ea03f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 0000000149ea01e0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000149ea0200 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 0000000149ea01f0 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000149ea0410 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0xffffffffd2981290} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000149ea0420 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0xffffffffd2981290} .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000149ea0210 .text C:\Windows\system32\csrss.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000149ea0270 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0xffffffff88b52990} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0xffffffff88b52490} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0xffffffff88b51e90} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0xffffffff88b51f90} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0xffffffff88b51390} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0xffffffff88b51390} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0xffffffff88b51290} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0xffffffff88b51290} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0xffffffff88b52990} .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0xffffffff88b52490} .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0xffffffff88b51e90} .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0xffffffff88b51f90} .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0xffffffff88b51390} .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0xffffffff88b51390} .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0xffffffff88b51290} .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0xffffffff88b51290} .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\System32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\servicing\TrustedInstaller.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\System32\spoolsv.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1552] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075c08781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\System32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076431401 2 bytes JMP 75c2b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076431419 2 bytes JMP 75c2b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076431431 2 bytes JMP 75ca8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007643144a 2 bytes CALL 75c0489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764314dd 2 bytes JMP 75ca88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764314f5 2 bytes JMP 75ca8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007643150d 2 bytes JMP 75ca87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076431525 2 bytes JMP 75ca8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007643153d 2 bytes JMP 75c1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076431555 2 bytes JMP 75c268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007643156d 2 bytes JMP 75ca9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076431585 2 bytes JMP 75ca8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007643159d 2 bytes JMP 75ca877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764315b5 2 bytes JMP 75c1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764315cd 2 bytes JMP 75c2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764316b2 2 bytes JMP 75ca8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764316bd 2 bytes JMP 75ca8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000100060450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000100060440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0xffffffff88b42990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000100060360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000100060460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000001000603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000100060310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000001000603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000100060380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000001000602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000001000602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0xffffffff88b42490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000100060300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000001000603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000001000603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000100060220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000100060470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000100060390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000001000602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000100060340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000100060280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000001000602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0xffffffff88b41e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000001000603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0xffffffff88b41f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000100060320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000100060400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000100060230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000001000601d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000100060240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000100060480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000100060490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000001000602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000100060350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000100060290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000001000602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000100060370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000100060330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000100060430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000100060250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0xffffffff88b41390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000100060260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0xffffffff88b41390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000001000603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000100060200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000001000601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000100060410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0xffffffff88b41290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000100060420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0xffffffff88b41290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000100060210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000100060270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000100070440 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0xffffffff88b52990} .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000001000702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0xffffffff88b52490} .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000100070280 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000001000702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0xffffffff88b51e90} .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000001000703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0xffffffff88b51f90} .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000100070250 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0xffffffff88b51390} .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000100070260 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0xffffffff88b51390} .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000100070410 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0xffffffff88b51290} .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000100070420 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0xffffffff88b51290} .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wbem\wmiprvse.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\nvvsvc.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\taskhost.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000100060450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000100060440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0xffffffff88b42990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000100060360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000100060460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000001000603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000100060310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000001000603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000100060380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000001000602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000001000602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0xffffffff88b42490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000100060300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000001000603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000001000603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000100060220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000100060470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000100060390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000001000602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000100060340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000100060280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000001000602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0xffffffff88b41e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000001000603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0xffffffff88b41f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000100060320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000100060400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000100060230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000001000601d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000100060240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000100060480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000100060490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000001000602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000100060350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000100060290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000001000602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000100060370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000100060330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000100060430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000100060250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0xffffffff88b41390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000100060260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0xffffffff88b41390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000001000603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000100060200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000001000601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000100060410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0xffffffff88b41290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000100060420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0xffffffff88b41290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000100060210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000100060270 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\Dwm.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\Explorer.EXE[3248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\conhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000763e2ab1 5 bytes JMP 0000000100c1f4f2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076431401 2 bytes JMP 75c2b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076431419 2 bytes JMP 75c2b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076431431 2 bytes JMP 75ca8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007643144a 2 bytes CALL 75c0489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764314dd 2 bytes JMP 75ca88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764314f5 2 bytes JMP 75ca8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007643150d 2 bytes JMP 75ca87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076431525 2 bytes JMP 75ca8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007643153d 2 bytes JMP 75c1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076431555 2 bytes JMP 75c268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007643156d 2 bytes JMP 75ca9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076431585 2 bytes JMP 75ca8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007643159d 2 bytes JMP 75ca877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764315b5 2 bytes JMP 75c1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764315cd 2 bytes JMP 75c2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764316b2 2 bytes JMP 75ca8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764316bd 2 bytes JMP 75ca8713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\SearchIndexer.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!DbgBreakPoint 000000007751cc90 3 bytes [8B, 40, 30] .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000100060450 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000100060440 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0xffffffff88b42990} .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000100060360 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000100060460 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000001000603d0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000100060310 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000001000603a0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000100060380 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000001000602d0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000001000602c0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0xffffffff88b42490} .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000100060300 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000001000603b0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000001000603e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000100060220 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000100060470 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000100060390 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000001000602e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000100060340 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000100060280 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000001000602a0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0xffffffff88b41e90} .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000001000603c0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0xffffffff88b41f90} .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000100060320 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000100060400 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000100060230 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000001000601d0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000100060240 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000100060480 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000100060490 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000001000602f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000100060350 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000100060290 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000001000602b0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000100060370 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000100060330 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000100060430 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000100060250 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0xffffffff88b41390} .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000100060260 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0xffffffff88b41390} .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000001000603f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000100060200 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000001000601f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000100060410 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0xffffffff88b41290} .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000100060420 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0xffffffff88b41290} .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000100060210 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000100060270 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1500] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075c08781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076431401 2 bytes JMP 75c2b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076431419 2 bytes JMP 75c2b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076431431 2 bytes JMP 75ca8fd1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007643144a 2 bytes CALL 75c0489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764314dd 2 bytes JMP 75ca88c4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764314f5 2 bytes JMP 75ca8aa0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007643150d 2 bytes JMP 75ca87ba C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076431525 2 bytes JMP 75ca8b8a C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007643153d 2 bytes JMP 75c1fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076431555 2 bytes JMP 75c268ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007643156d 2 bytes JMP 75ca9089 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076431585 2 bytes JMP 75ca8bea C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007643159d 2 bytes JMP 75ca877e C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764315b5 2 bytes JMP 75c1fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764315cd 2 bytes JMP 75c2b2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764316b2 2 bytes JMP 75ca8f4c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764316bd 2 bytes JMP 75ca8713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007751da60 5 bytes JMP 0000000077680450 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007751dab0 1 byte JMP 0000000077680440 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 000000007751dab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007751dc10 5 bytes JMP 0000000077680360 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007751dc60 5 bytes JMP 0000000077680460 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007751dc70 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007751dd20 5 bytes JMP 0000000077680310 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007751dd50 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007751dd70 5 bytes JMP 0000000077680380 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007751ddb0 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007751de30 1 byte JMP 00000000776802c0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007751de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007751de50 5 bytes JMP 0000000077680300 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007751de90 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007751dee0 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007751e040 5 bytes JMP 0000000077680220 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007751e200 5 bytes JMP 0000000077680470 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007751e230 5 bytes JMP 0000000077680390 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007751e310 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007751e320 5 bytes JMP 0000000077680340 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007751e380 5 bytes JMP 0000000077680280 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007751e410 1 byte JMP 00000000776802a0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007751e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007751e430 1 byte JMP 00000000776803c0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007751e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007751e440 5 bytes JMP 0000000077680320 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007751e4b0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007751e4e0 5 bytes JMP 0000000077680230 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007751e7a0 5 bytes JMP 00000000776801d0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007751e860 5 bytes JMP 0000000077680240 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007751e890 5 bytes JMP 0000000077680480 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007751e8a0 5 bytes JMP 0000000077680490 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007751e8d0 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007751e8e0 5 bytes JMP 0000000077680350 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007751e940 5 bytes JMP 0000000077680290 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007751e990 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007751e9c0 5 bytes JMP 0000000077680370 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007751e9d0 5 bytes JMP 0000000077680330 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007751ecc0 5 bytes JMP 0000000077680430 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007751eec0 1 byte JMP 0000000077680250 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007751eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007751eed0 1 byte JMP 0000000077680260 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007751eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007751eee0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007751f0a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007751f0b0 5 bytes JMP 0000000077680200 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007751f120 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007751f180 1 byte JMP 0000000077680410 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 000000007751f182 3 bytes {JMP 0x161290} .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007751f190 1 byte JMP 0000000077680420 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 000000007751f192 3 bytes {JMP 0x161290} .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007751f1a0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\conhost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007751f280 5 bytes JMP 0000000077680270 .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076431401 2 bytes JMP 75c2b21b C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076431419 2 bytes JMP 75c2b346 C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076431431 2 bytes JMP 75ca8fd1 C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007643144a 2 bytes CALL 75c0489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764314dd 2 bytes JMP 75ca88c4 C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764314f5 2 bytes JMP 75ca8aa0 C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007643150d 2 bytes JMP 75ca87ba C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076431525 2 bytes JMP 75ca8b8a C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007643153d 2 bytes JMP 75c1fca8 C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076431555 2 bytes JMP 75c268ef C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007643156d 2 bytes JMP 75ca9089 C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076431585 2 bytes JMP 75ca8bea C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007643159d 2 bytes JMP 75ca877e C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764315b5 2 bytes JMP 75c1fd41 C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764315cd 2 bytes JMP 75c2b2dc C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764316b2 2 bytes JMP 75ca8f4c C:\Windows\syswow64\kernel32.dll .text D:\gry\WOW WoD Beta\Battle.net\Battle.net.6233\Battle.net.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764316bd 2 bytes JMP 75ca8713 C:\Windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Library C:\Users\user\AppData\Local\Temp\70aeaca4-098f-4bcc-b0fa-e2544fb40678\CliSecureRT64.dll (*** suspicious ***) @ C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [2724](2015-06-15 14:12:30) 0000000180000000 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps 2764 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin 1 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-11 200704 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Archived History 249856 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Archived History-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000010 25939 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000024 21842 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000038 22482 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_1 532480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000001 23218 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000002 55543 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000003 20489 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000004 22956 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000005 34312 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000006 38344 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000007 34996 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000008 41920 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000009 31821 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000a 53228 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000b 291277 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000c 17244 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000d 44875 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000e 26059 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000f 80293 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000011 16593 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000012 20261 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000013 23249 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000014 22609 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000015 22042 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000016 21866 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000017 18703 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000018 20062 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000019 19686 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001a 30048 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001b 17053 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001c 27446 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001d 28238 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001e 22207 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001f 20166 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000020 18055 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000021 20029 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000022 25541 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000023 34442 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000025 19054 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000026 21266 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000027 17645 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000028 65002 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000029 19453 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002a 28295 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002b 18171 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002c 61434 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002d 149508 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002e 94633 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00002f 60999 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000030 35288 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000031 19089 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000032 18107 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000033 31505 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000034 31052 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000035 18844 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000036 28972 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000037 36328 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000039 21302 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003a 29263 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003b 38672 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003c 20071 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003d 32555 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003e 26693 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00003f 17417 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000040 22356 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000041 25009 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000042 21537 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000043 21883 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000044 22905 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000045 31655 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000046 19941 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000047 18648 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000048 21922 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_000049 35221 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004a 24745 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004b 26263 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004c 25086 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\f_00004d 32267 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cookies 31744 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Current Session 98541 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\Databases.db 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\Databases.db-journal 5672 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\http_www.fotka.pl_0 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\databases\http_www.fotka.pl_0\1 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\000003.log 190 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOG 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension Rules\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\000003.log 285 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\GPUCache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History 466944 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-04 258048 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-04-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10 36864 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2013-11-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-02 73728 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-02-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-03 409600 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Index 2014-03-journal 49760 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 28723 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\History-journal 25136 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA4.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA5.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\BFA6.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_spolecznosci.net_0.localstorage 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_spolecznosci.net_0.localstorage-journal 7736 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.fotka.pl_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.fotka.pl_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.youtube.com_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.youtube.com_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 23552 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs 7168 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Preferences 14164 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\QuotaManager 13312 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\QuotaManager-journal 8768 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\README 186 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\000003.log 508 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Session Storage\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 8720 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Web Data 77824 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Local State 14170 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 128 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files\bbnaut-b.swf 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\bbcdn-bbnaut.ibillboard.com\server-static-files\bbnaut-b.swf\bbcookie.sol 73 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ3V23DH\s.ytimg.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bbcdn-bbnaut.ibillboard.com 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bbcdn-bbnaut.ibillboard.com\settings.sol 97 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 3429 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\98e247023708b752.customDestinations-ms 8287 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-EA1E6E17.pf 28922 bytes File C:\avast! sandbox\S-1-5-21-3017187921-1793405025-1133042684-1000\sfzone\snx_fs.dat 34192 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 37888 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{09b1705f-a7a3-11e3-99a9-8c89a55524ba}.TMContainer00000000000000000002.regtrans-ms 524288 bytes File C:\ProgramData\AVAST Software\Avast\Spamconf\sc1.bin.full.2015.10.14.23.01.43.lkr0 0 bytes File C:\ProgramData\AVAST Software\Avast\Spamconf\sc17.bin.incr.2015.10.15.17.01.01 352 bytes ---- EOF - GMER 2.1 ----