GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-03-25 01:37:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB Running: c9zss2wm.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\winlogon.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\lsass.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0xffffffff886d2a90} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0xffffffff886d2490} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0xffffffff886d2590} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0xffffffff886d1990} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0xffffffff886d1990} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000000070270 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000000070480 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000000070360 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000000070490 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000000070310 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000000070380 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 00000000000702c0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0xffffffff886d2a90} .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000000070300 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000000070220 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000000070390 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000000070340 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000000070280 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 00000000000702a0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0xffffffff886d2490} .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 00000000000703c0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0xffffffff886d2590} .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000000070320 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000000070410 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000000070230 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000000070240 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000000070290 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000000070420 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000000070250 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0xffffffff886d1990} .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000000070260 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0xffffffff886d1990} .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000000070200 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000000070430 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000000070450 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000000070210 .text C:\Windows\System32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000000070270 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\System32\svchost.exe[1048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0xffffffff886d2a90} .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0xffffffff886d2490} .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0xffffffff886d2590} .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0xffffffff886d1990} .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0xffffffff886d1990} .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\svchost.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000000070480 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000000070360 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000000070490 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000000070310 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000000070380 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 00000000000702c0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0xffffffff886d2a90} .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000000070300 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000000070220 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000000070390 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000000070340 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000000070280 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 00000000000702a0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0xffffffff886d2490} .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 00000000000703c0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0xffffffff886d2590} .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000000070320 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000000070410 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000000070230 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000000070240 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000000070290 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000000070420 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000000070250 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0xffffffff886d1990} .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000000070260 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0xffffffff886d1990} .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000000070200 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000000070430 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000000070450 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000000070210 .text C:\Windows\System32\svchost.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\wbem\wmiprvse.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\SearchIndexer.exe[228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Windows\system32\Dwm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Program Files\Windows Sidebar\sidebar.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007799d460 5 bytes JMP 0000000077b00480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007799d4b0 5 bytes JMP 0000000077b00470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007799d610 5 bytes JMP 0000000077b00360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007799d660 5 bytes JMP 0000000077b00490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007799d670 5 bytes JMP 0000000077b003d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007799d720 5 bytes JMP 0000000077b00310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007799d750 5 bytes JMP 0000000077b003a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007799d770 5 bytes JMP 0000000077b00380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007799d7b0 5 bytes JMP 0000000077b002d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007799d830 1 byte JMP 0000000077b002c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007799d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007799d850 5 bytes JMP 0000000077b00300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007799d890 5 bytes JMP 0000000077b003b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007799d8d0 5 bytes JMP 0000000077b00440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007799d8e0 5 bytes JMP 0000000077b003e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007799da40 5 bytes JMP 0000000077b00220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007799dc00 5 bytes JMP 0000000077b004a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007799dc30 5 bytes JMP 0000000077b00390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007799dd10 5 bytes JMP 0000000077b002e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007799dd20 5 bytes JMP 0000000077b00340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007799dd80 5 bytes JMP 0000000077b00280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007799de10 1 byte JMP 0000000077b002a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007799de12 3 bytes {JMP 0x162490} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007799de30 1 byte JMP 0000000077b003c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007799de32 3 bytes {JMP 0x162590} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007799de40 5 bytes JMP 0000000077b00320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007799deb0 5 bytes JMP 0000000077b00410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007799dee0 5 bytes JMP 0000000077b00230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007799e080 5 bytes JMP 0000000077b003f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007799e1a0 5 bytes JMP 0000000077b001d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007799e260 5 bytes JMP 0000000077b00240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007799e290 5 bytes JMP 0000000077b004b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007799e2a0 5 bytes JMP 0000000077b004c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007799e2d0 5 bytes JMP 0000000077b002f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007799e2e0 5 bytes JMP 0000000077b00350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007799e340 5 bytes JMP 0000000077b00290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007799e390 5 bytes JMP 0000000077b002b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007799e3c0 5 bytes JMP 0000000077b00370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007799e3d0 5 bytes JMP 0000000077b00330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007799e6c0 5 bytes JMP 0000000077b00460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007799e820 5 bytes JMP 0000000077b00420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007799e8c0 1 byte JMP 0000000077b00250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007799e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007799e8d0 1 byte JMP 0000000077b00260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007799e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007799e8e0 5 bytes JMP 0000000077b00400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007799eaa0 5 bytes JMP 0000000077b001e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007799eab0 5 bytes JMP 0000000077b00200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007799eb20 5 bytes JMP 0000000077b001f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007799eb80 5 bytes JMP 0000000077b00430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007799eb90 5 bytes JMP 0000000077b00450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007799eba0 5 bytes JMP 0000000077b00210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007799ec80 5 bytes JMP 0000000077b00270 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6104] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076f88791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] ---- EOF - GMER 2.2 ----