GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-11 13:04:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 Crucial_CT128M550SSD1 rev.MU01 119,24GB Running: xtoyi7vc.exe; Driver: C:\Users\Kise\AppData\Local\Temp\aftcaaog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 0000000147e10460 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 0000000147e10450 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 0000000147e10370 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 0000000147e10470 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 0000000147e103e0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 0000000147e10320 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 0000000147e103b0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 0000000147e10390 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 0000000147e102e0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 0000000147e102d0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 0000000147e10310 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 0000000147e103c0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 0000000147e103f0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 0000000147e10230 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 0000000147e10480 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 0000000147e103a0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 0000000147e102f0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 0000000147e10350 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 0000000147e10290 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 0000000147e102b0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 0000000147e103d0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 0000000147e10330 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 0000000147e10410 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 0000000147e10240 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 0000000147e101e0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 0000000147e10250 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 0000000147e10490 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 0000000147e104a0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 0000000147e10300 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 0000000147e10360 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 0000000147e102a0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 0000000147e102c0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 0000000147e10380 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 0000000147e10340 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 0000000147e10440 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 0000000147e10260 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 0000000147e10270 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 0000000147e10400 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 0000000147e101f0 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 0000000147e10210 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 0000000147e10200 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 0000000147e10420 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 0000000147e10430 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 0000000147e10220 .text C:\Windows\System32\smss.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 0000000147e10280 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 000000014a040460 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 000000014a040450 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 000000014a040370 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 000000014a040470 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 000000014a0403e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 000000014a040320 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 000000014a0403b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 000000014a040390 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 000000014a0402e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 000000014a0402d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 000000014a040310 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 000000014a0403c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 000000014a0403f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 000000014a040230 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 000000014a040480 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 000000014a0403a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 000000014a0402f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 000000014a040350 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 000000014a040290 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 000000014a0402b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 000000014a0403d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 000000014a040330 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 000000014a040410 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 000000014a040240 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 000000014a0401e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 000000014a040250 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 000000014a040490 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 000000014a0404a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 000000014a040300 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 000000014a040360 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 000000014a0402a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 000000014a0402c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 000000014a040380 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 000000014a040340 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 000000014a040440 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 000000014a040260 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 000000014a040270 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 000000014a040400 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 000000014a0401f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 000000014a040210 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 000000014a040200 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 000000014a040420 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 000000014a040430 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 000000014a040220 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 000000014a040280 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 000000014a040460 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 000000014a040450 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 000000014a040370 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 000000014a040470 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 000000014a0403e0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 000000014a040320 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 000000014a0403b0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 000000014a040390 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 000000014a0402e0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 000000014a0402d0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 000000014a040310 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 000000014a0403c0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 000000014a0403f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 000000014a040230 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 000000014a040480 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 000000014a0403a0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 000000014a0402f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 000000014a040350 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 000000014a040290 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 000000014a0402b0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 000000014a0403d0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 000000014a040330 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 000000014a040410 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 000000014a040240 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 000000014a0401e0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 000000014a040250 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 000000014a040490 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 000000014a0404a0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 000000014a040300 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 000000014a040360 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 000000014a0402a0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 000000014a0402c0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 000000014a040380 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 000000014a040340 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 000000014a040440 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 000000014a040260 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 000000014a040270 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 000000014a040400 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 000000014a0401f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 000000014a040210 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 000000014a040200 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 000000014a040420 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 000000014a040430 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 000000014a040220 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 000000014a040280 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\winlogon.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\lsass.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\lsm.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\nvvsvc.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 0000000100070280 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\nvvsvc.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\taskhost.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75] .text ... * 9 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 0000000100070250 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75] .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\SysWOW64\PnkBstrA.exe[2960] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000740f17fa 2 bytes CALL 76eb11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2960] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000740f1860 2 bytes CALL 76eb11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000740f1942 2 bytes JMP 76e67089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000740f194d 2 bytes JMP 76e6cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\AVAST Software\Avast\ng\ngservice.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\Explorer.EXE[4220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c92ab1 5 bytes JMP 000000010132fa56 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75] .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75] .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 0000000100260460 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 0000000100260450 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 0000000100260370 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 0000000100260470 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000001002603e0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 0000000100260320 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000001002603b0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 0000000100260390 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000001002602e0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000001002602d0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 0000000100260310 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000001002603c0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000001002603f0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 0000000100260230 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 0000000100260480 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000001002603a0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000001002602f0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 0000000100260350 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 0000000100260290 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000001002602b0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000001002603d0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 0000000100260330 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 0000000100260410 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 0000000100260240 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000001002601e0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 0000000100260250 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 0000000100260490 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000001002604a0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 0000000100260300 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 0000000100260360 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000001002602a0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000001002602c0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 0000000100260380 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 0000000100260340 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 0000000100260440 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 0000000100260260 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 0000000100260270 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 0000000100260400 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000001002601f0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 0000000100260210 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 0000000100260200 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 0000000100260420 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 0000000100260430 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 0000000100260220 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 0000000100260280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4824] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076eb8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75] .text ... * 9 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\wbem\unsecapp.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\CCleaner\CCleaner64.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\wbem\unsecapp.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\System32\svchost.exe[4500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 0000000100070230 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 0000000100070350 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 0000000100070290 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 0000000100070330 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 0000000100070250 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 0000000100070490 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 0000000100070200 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 0000000100070420 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 0000000100070430 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\GWX\GWX.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 0000000100070280 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 0000000100060460 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 0000000100060450 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 0000000100060370 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 0000000100060470 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000001000603e0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 0000000100060320 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000001000603b0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 0000000100060390 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000001000602e0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000001000602d0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 0000000100060310 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000001000603c0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000001000603f0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 0000000100060230 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 0000000100060480 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000001000603a0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000001000602f0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 0000000100060350 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 0000000100060290 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000001000602b0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000001000603d0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 0000000100060330 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 0000000100060410 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 0000000100060240 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 0000000100060250 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 0000000100060490 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000001000604a0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 0000000100060300 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 0000000100060360 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000001000602a0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000001000602c0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 0000000100060380 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 0000000100060340 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 0000000100060440 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 0000000100060260 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 0000000100060270 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 0000000100060400 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000001000601f0 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 0000000100060210 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 0000000100060200 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 0000000100060420 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 0000000100060430 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 0000000100060220 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[6384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 0000000100060280 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75] .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[6288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[6528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\DllHost.exe[6316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75] .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75] .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75] .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75] .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\vssvc.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\System32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\System32\svchost.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\svchost.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Program Files\CCleaner\CCleaner64.exe[8064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\system32\AUDIODG.EXE[3280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007773da60 5 bytes JMP 00000000778a0460 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007773dab0 5 bytes JMP 00000000778a0450 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007773dc10 5 bytes JMP 00000000778a0370 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007773dc60 5 bytes JMP 00000000778a0470 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007773dc70 5 bytes JMP 00000000778a03e0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007773dd20 5 bytes JMP 00000000778a0320 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007773dd50 5 bytes JMP 00000000778a03b0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007773dd70 5 bytes JMP 00000000778a0390 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007773ddb0 5 bytes JMP 00000000778a02e0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007773de30 5 bytes JMP 00000000778a02d0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007773de50 5 bytes JMP 00000000778a0310 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007773de90 5 bytes JMP 00000000778a03c0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007773dee0 5 bytes JMP 00000000778a03f0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007773e040 5 bytes JMP 00000000778a0230 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007773e200 5 bytes JMP 00000000778a0480 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007773e230 5 bytes JMP 00000000778a03a0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007773e310 5 bytes JMP 00000000778a02f0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007773e320 5 bytes JMP 00000000778a0350 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007773e380 5 bytes JMP 00000000778a0290 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007773e410 5 bytes JMP 00000000778a02b0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007773e430 5 bytes JMP 00000000778a03d0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007773e440 5 bytes JMP 00000000778a0330 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007773e4b0 5 bytes JMP 00000000778a0410 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007773e4e0 5 bytes JMP 00000000778a0240 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007773e7a0 5 bytes JMP 00000000778a01e0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007773e860 5 bytes JMP 00000000778a0250 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007773e890 5 bytes JMP 00000000778a0490 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007773e8a0 5 bytes JMP 00000000778a04a0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007773e8d0 5 bytes JMP 00000000778a0300 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007773e8e0 5 bytes JMP 00000000778a0360 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007773e940 5 bytes JMP 00000000778a02a0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007773e990 5 bytes JMP 00000000778a02c0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007773e9c0 5 bytes JMP 00000000778a0380 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007773e9d0 5 bytes JMP 00000000778a0340 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007773ecc0 5 bytes JMP 00000000778a0440 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007773eec0 5 bytes JMP 00000000778a0260 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007773eed0 5 bytes JMP 00000000778a0270 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007773eee0 5 bytes JMP 00000000778a0400 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007773f0a0 5 bytes JMP 00000000778a01f0 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007773f0b0 5 bytes JMP 00000000778a0210 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007773f120 5 bytes JMP 00000000778a0200 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007773f180 5 bytes JMP 00000000778a0420 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007773f190 5 bytes JMP 00000000778a0430 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007773f1a0 5 bytes JMP 00000000778a0220 .text C:\Windows\explorer.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007773f280 5 bytes JMP 00000000778a0280 ---- Processes - GMER 2.1 ---- Library C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [4220] 000007fef1650000 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 4 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 5120 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Current Session 1587 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Extension State\000005.ldb 262 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Extension State\000006.log 171 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG 259 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG.old 47 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000004 151 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 512 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\History 94208 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 6 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\History-journal 512 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Last Session 1587 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Local Extension Settings 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Login Data 12288 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Login Data-journal 512 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Preferences 1985 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Secure Preferences 18854 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Shortcuts 20480 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 4616 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Web Data 71680 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\Local State 1708 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\sfzone_profile\pnacl 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\Users\Kise 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\Users\Kise\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\Users\Kise\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\C\Users\Kise\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-4138673905-1388985486-590777740-1000\sfzone\snx_fs.dat 6744 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 29696 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{d1f59e0d-076e-11e5-b7ef-d0509926e003}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{d1f59e0d-076e-11e5-b7ef-d0509926e003}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{d1f59e0d-076e-11e5-b7ef-d0509926e003}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----