GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-05 14:46:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3750525AS rev.JC4B 698,64GB Running: wokvqno3.exe; Driver: C:\Users\Pawel\AppData\Local\Temp\awddrkog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 000000014a600460 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 000000014a600450 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 000000014a600370 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 000000014a600470 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 000000014a6003e0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 000000014a600320 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 000000014a6003b0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 000000014a600390 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 000000014a6002e0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 000000014a6002d0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 000000014a600310 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 000000014a6003c0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 000000014a6003f0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 000000014a600230 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 000000014a600480 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 000000014a6003a0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 000000014a6002f0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 000000014a600350 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 000000014a600290 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 000000014a6002b0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 000000014a6003d0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 000000014a600330 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 000000014a600410 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 000000014a600240 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 000000014a6001e0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 000000014a600250 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 000000014a600490 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 000000014a6004a0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 000000014a600300 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 000000014a600360 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 000000014a6002a0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 000000014a6002c0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 000000014a600380 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 000000014a600340 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 000000014a600440 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 000000014a600260 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 000000014a600270 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 000000014a600400 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 000000014a6001f0 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 000000014a600210 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 000000014a600200 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 000000014a600420 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 000000014a600430 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 000000014a600220 .text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 000000014a600280 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 000000014a600460 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 000000014a600450 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 000000014a600370 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 000000014a600470 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 000000014a6003e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 000000014a600320 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 000000014a6003b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 000000014a600390 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 000000014a6002e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 000000014a6002d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 000000014a600310 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 000000014a6003c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 000000014a6003f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 000000014a600230 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 000000014a600480 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 000000014a6003a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 000000014a6002f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 000000014a600350 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 000000014a600290 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 000000014a6002b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 000000014a6003d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 000000014a600330 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 000000014a600410 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 000000014a600240 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 000000014a6001e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 000000014a600250 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 000000014a600490 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 000000014a6004a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 000000014a600300 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 000000014a600360 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 000000014a6002a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 000000014a6002c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 000000014a600380 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 000000014a600340 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 000000014a600440 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 000000014a600260 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 000000014a600270 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 000000014a600400 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 000000014a6001f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 000000014a600210 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 000000014a600200 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 000000014a600420 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 000000014a600430 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 000000014a600220 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 000000014a600280 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000100070280 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\nvvsvc.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\nvvsvc.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\Dwm.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\System32\svchost.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\Explorer.EXE[1092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\wbem\wmiprvse.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\svchost.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\SearchIndexer.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\conhost.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076682ab1 5 bytes JMP 00000001003c2ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[4104] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\RunDll32.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000763a8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\System32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007745f9f1 7 bytes {MOV EDX, 0xe4dae8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007745fa6d 7 bytes {MOV EDX, 0xe4d9a8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007745fb85 7 bytes {MOV EDX, 0xe4d968; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007745fc35 7 bytes {MOV EDX, 0xe4db28; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007745fc65 7 bytes {MOV EDX, 0xe4da68; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007745fc7d 7 bytes {MOV EDX, 0xe4d928; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007745fc95 7 bytes {MOV EDX, 0xe4dbe8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007745fcc5 7 bytes {MOV EDX, 0xe4dc28; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007745fd45 7 bytes {MOV EDX, 0xe4dba8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007745fd5d 7 bytes {MOV EDX, 0xe4db68; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007745fda9 7 bytes {MOV EDX, 0xe4d868; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007745fea1 7 bytes {MOV EDX, 0xe4d8a8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000774600f9 7 bytes {MOV EDX, 0xe4d828; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 000000007746105d 7 bytes {MOV EDX, 0xe4d9e8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077461105 7 bytes {MOV EDX, 0xe4daa8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007746117d 7 bytes {MOV EDX, 0xe4da28; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077461381 7 bytes {MOV EDX, 0xe4d8e8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007745f9f1 7 bytes {MOV EDX, 0x44d2e8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007745fa6d 7 bytes {MOV EDX, 0x44d1a8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007745fb85 7 bytes {MOV EDX, 0x44d168; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007745fc35 7 bytes {MOV EDX, 0x44d328; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007745fc65 7 bytes {MOV EDX, 0x44d268; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007745fc7d 7 bytes {MOV EDX, 0x44d128; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007745fc95 7 bytes {MOV EDX, 0x44d3e8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007745fcc5 7 bytes {MOV EDX, 0x44d428; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007745fd45 7 bytes {MOV EDX, 0x44d3a8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007745fd5d 7 bytes {MOV EDX, 0x44d368; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007745fda9 7 bytes {MOV EDX, 0x44d068; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007745fea1 7 bytes {MOV EDX, 0x44d0a8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000774600f9 7 bytes {MOV EDX, 0x44d028; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 000000007746105d 7 bytes {MOV EDX, 0x44d1e8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077461105 7 bytes {MOV EDX, 0x44d2a8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007746117d 7 bytes {MOV EDX, 0x44d228; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077461381 7 bytes {MOV EDX, 0x44d0e8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076141401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076141419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076141431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007614144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761414dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761414f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007614150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076141525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007614153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076141555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007614156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076141585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007614159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761415b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761415cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761416b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761416bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\notepad.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772ada60 5 bytes JMP 0000000077410460 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772adab0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772adc10 5 bytes JMP 0000000077410370 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772adc60 5 bytes JMP 0000000077410470 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772adc70 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772add20 5 bytes JMP 0000000077410320 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772add50 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772add70 5 bytes JMP 0000000077410390 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772addb0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772ade30 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772ade50 5 bytes JMP 0000000077410310 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772ade90 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772adee0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772ae040 5 bytes JMP 0000000077410230 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772ae200 5 bytes JMP 0000000077410480 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772ae230 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772ae310 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772ae320 5 bytes JMP 0000000077410350 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772ae380 5 bytes JMP 0000000077410290 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772ae410 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772ae430 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772ae440 5 bytes JMP 0000000077410330 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772ae4b0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772ae4e0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772ae7a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772ae860 5 bytes JMP 0000000077410250 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772ae890 5 bytes JMP 0000000077410490 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772ae8a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772ae8d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772ae8e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772ae940 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772ae990 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772ae9c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772ae9d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772aecc0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772aeec0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772aeed0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772aeee0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772af0a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772af0b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772af120 5 bytes JMP 0000000077410200 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772af180 5 bytes JMP 0000000077410420 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772af190 5 bytes JMP 0000000077410430 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772af1a0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\notepad.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772af280 5 bytes JMP 0000000077410280 ---- Files - GMER 2.1 ---- File C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0093f5 1621541 bytes File C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000434 1048576 bytes File C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000433 1048576 bytes File C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000436 1048576 bytes File C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000437 362593 bytes ---- EOF - GMER 2.1 ----