GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-05 16:35:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD10EZEX-00BN5A0 rev.01.01A01 931,51GB Running: 33wqzjnj.exe; Driver: C:\Users\SHASTA~1\AppData\Local\Temp\kwlyauod.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000049760480 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000049760470 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000049760360 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000049760490 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000497603d0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000049760310 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000497603a0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000049760380 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000497602d0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000497602c0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffffd29c2490} .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000049760300 .text C:\Windows\system32\csrss.exe[704] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000497603b0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000049760440 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000497603e0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000049760220 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000497604a0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000049760390 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000497602e0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000049760340 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000049760280 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000497602a0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffffd29c1e90} .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000497603c0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffffd29c1f90} .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000049760320 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 
0000000049760410 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000049760230 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000497603f0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000497601d0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000049760240 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000497604b0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000497604c0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000497602f0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000049760350 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000049760290 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000497602b0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000049760370 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000049760330 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000049760460 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000049760420 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 
1 byte JMP 0000000049760250 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffffd29c1390} .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000049760260 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffffd29c1390} .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000049760400 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000497601e0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000049760200 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000497601f0 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000049760430 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000049760450 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000049760210 .text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000049760270 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\wininit.exe[780] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 
0000000076f00390 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\wininit.exe[780] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 
0000000076f001e0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\wininit.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000049760480 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000049760470 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000049760360 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000049760490 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000497603d0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000049760310 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000497603a0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000049760380 .text C:\Windows\system32\csrss.exe[808] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000497602d0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000497602c0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffffd29c2490} .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000049760300 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000497603b0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000049760440 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000497603e0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000049760220 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000497604a0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000049760390 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000497602e0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000049760340 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000049760280 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000497602a0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffffd29c1e90} .text 
C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000497603c0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffffd29c1f90} .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000049760320 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000049760410 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000049760230 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000497603f0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000497601d0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000049760240 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000497604b0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000497604c0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000497602f0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000049760350 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000049760290 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000497602b0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 
0000000049760370 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000049760330 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000049760460 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000049760420 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000049760250 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffffd29c1390} .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000049760260 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffffd29c1390} .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000049760400 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000497601e0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000049760200 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000497601f0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000049760430 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000049760450 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000049760210 .text C:\Windows\system32\csrss.exe[808] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000049760270 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 
.text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\services.exe[840] 
C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes 
{JMP 0x161390} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\lsass.exe[868] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text 
C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 
0000000076f002f0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 
5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes 
{JMP 0x162490} .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 
0000000076f00320 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 
.text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 
0000000076f00360 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\winlogon.exe[964] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 
bytes JMP 0000000076f004b0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\winlogon.exe[964] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\winlogon.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 
bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff892d2490} .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[168] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff892d1e90} .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff892d1f90} .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes 
JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[168] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000070270 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text 
C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 
0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\nvvsvc.exe[748] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\nvvsvc.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 
0000000000070490 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff892d2490} .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[792] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff892d1e90} .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff892d1f90} .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 
5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[792] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000070270 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 
0000000076f002d0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[1108] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 
0000000076f00370 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[1108] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 
.text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\svchost.exe[1148] 
C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes 
{JMP 0x161390} .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1200] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 
0000000076f002e0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[1200] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 
0000000076f00200 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1228] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 
0000000076f003c0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1228] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes 
JMP 0000000076f00270 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\AUDIODG.EXE[1312] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 
0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text 
C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\AUDIODG.EXE[1312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1500] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 
0000000076f002e0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[1500] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 
0000000076f00200 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 
0000000076f00380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 
0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000070480 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000070470 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000070360 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000000070490 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
0000000076d9dc70 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000000070310 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000000070380 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000000702c0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff892d2490} .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000070300 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000070440 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000000070220 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000070390 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000000702e0 .text 
C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000070340 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000070280 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000000702a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff892d1e90} .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000000703c0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff892d1f90} .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000070320 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000070410 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000070230 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000070240 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\spoolsv.exe[1872] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000070350 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000070290 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000000070370 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000070330 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000070460 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000070420 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000070250 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000070260 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000070400 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
0000000076d9f0b0 5 bytes JMP 0000000000070200 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000070430 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000070450 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000070210 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000000702d0 .text 
C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff892d2490} .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff892d1e90} .text C:\Windows\system32\svchost.exe[1928] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff892d1f90} .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 
bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000070210 .text 
C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000070270 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 
0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text 
C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[1536] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 
0000000076f003b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA 
Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 
0000000076f00260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 
76518bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000070480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000070470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000070360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000000070490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000000703d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000000070310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000000703a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000000070380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000000702d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000000702c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff892d2490} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000070300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000000703b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000070440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000000703e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000000070220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000000704a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000070390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000000702e0 .text C:\Program 
Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000070340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000070280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000000702a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff892d1e90} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000000703c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff892d1f90} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000070320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000070410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000070230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000000703f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000000701d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000070240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes 
JMP 00000000000704b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000000704c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000000702f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000070350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000070290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000000702b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000000070370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000070330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000070460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000070420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000070250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff892d1390} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000070260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
+ 2 0000000076d9eed2 3 bytes {JMP 0xffffffff892d1390} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000070400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000000701e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000000070200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000000701f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000070430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000070450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000070210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000070270 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] 
C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 
bytes JMP 0000000076f00310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] 
C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text 
C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\KERNEL32.dll 
.text ... * 9 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 
C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 
0000000076f002c0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[2944] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 
0000000076f00330 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text 
D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 
76519089 C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text D:\Programy\teamviever\TeamViewer_Service.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text 
D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 
0000000076f002b0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 
bytes JMP 0000000076f00450 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text D:\Programy\hamachi\x64\hamachi-2.exe[3160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 
0000000076d9e432 3 bytes {JMP 0x161f90} .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text 
D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text D:\Programy\hamachi\x64\LMIGuardianSvc.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 
0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 
bytes JMP 0000000076f004b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 
0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000070480 .text 
C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff892d2490} .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
0000000076d9e040 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff892d1e90} .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff892d1f90} .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 
00000000000701d0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[4124] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffff892d1390} .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000070270 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000060480 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000060470 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000060360 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000000060490 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000000603d0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 
0000000076d9dd20 5 bytes JMP 0000000000060310 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000000603a0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000000060380 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000000602d0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000000602c0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff892c2490} .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000060300 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000000603b0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000060440 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000000603e0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000000060220 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000000604a0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000060390 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000000602e0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000060340 
.text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000060280 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000000602a0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff892c1e90} .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000000603c0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff892c1f90} .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000060320 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000060410 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000060230 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000000603f0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000000601d0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000060240 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000000604b0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000000604c0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000000602f0 .text 
C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000060350 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000060290 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000000602b0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000000060370 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000060330 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000060460 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000060420 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000060250 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff892c1390} .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000060260 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffff892c1390} .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000060400 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000000601e0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000000060200 .text C:\Windows\system32\taskhost.exe[4620] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000000601f0 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000060430 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000060450 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000060210 .text C:\Windows\system32\taskhost.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000060270 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text 
C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} 
.text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 
.text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\Dwm.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 
0000000076f00470 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\Explorer.EXE[4836] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\Explorer.EXE[4836] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\Explorer.EXE[4836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Program 
Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text 
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text 
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075452ab1 5 bytes JMP 00000000012a8c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text 
D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 
0000000076d9e860 5 bytes JMP 0000000076f00240 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text D:\Programy\daemontools\DAEMON Tools Lite\DiscSoftBusService.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000700480 .text C:\Program Files 
(x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000700470 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000700360 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000000700490 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000007003d0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000000700310 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000007003a0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000000700380 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000007002d0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000007002c0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff89962490} .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000700300 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000007003b0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000700440 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000007003e0 .text 
C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000000700220 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000007004a0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000700390 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000007002e0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000700340 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000700280 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000007002a0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff89961e90} .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000007003c0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff89961f90} .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000700320 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000700410 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000700230 .text C:\Program Files (x86)\Steam\Steam.exe[1816] 
C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000007003f0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000007001d0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000700240 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000007004b0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000007004c0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000007002f0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000700350 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000700290 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000007002b0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000000700370 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000700330 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000700460 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000700420 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000700250 .text C:\Program Files 
(x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff89961390} .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000700260 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0xffffffff89961390} .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000700400 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000007001e0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000000700200 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000007001f0 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000700430 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000700450 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000700210 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000700270 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text 
C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 
0x161e90} .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 
0000000076f002b0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 
bytes JMP 0000000076f00450 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\SearchIndexer.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files\AVAST Software\Avast\avastui.exe[624] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076478781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e 
C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Program Files\NVIDIA 
Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Program 
Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text 
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 
17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000730f11a8 2 bytes [0F, 73] .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000730f127d 2 bytes CALL 764714c9 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000730f1310 2 bytes CALL 764714c9 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000730f13a8 2 bytes [0F, 73] .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000730f1422 2 bytes [0F, 73] .text D:\Programy\Skype\Phone\Skype.exe[1628] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000730f1498 2 bytes [0F, 73] .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\uTorrent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text 
C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text 
C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\ShastaMan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000076f00480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000076f00470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000076f00360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000076f00490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 0000000076f003d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000076f00310 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 0000000076f003a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9dd70 5 bytes JMP 0000000076f00380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 0000000076f002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 0000000076f002c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000076f00300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 0000000076f003b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000076f00440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 0000000076f003e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000076f00220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 0000000076f004a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000076f00390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 0000000076f002e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000076f00340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000076f00280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 0000000076f002a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 0000000076f003c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000076f00320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000076f00410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000076f00230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 
0000000076d9e680 5 bytes JMP 0000000076f003f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 0000000076f001d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000076f00240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 0000000076f004b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 0000000076f004c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 0000000076f002f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000076f00350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000076f00290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 0000000076f002b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000076f00370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000076f00330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000076f00460 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000076f00420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000076f00250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000076f00260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000076f00400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000076f00200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 0000000076f001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000076f00430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000076f00450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000076f00210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[6552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076478781 5 bytes JMP 0000000071e71170 .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000730f11a8 2 bytes [0F, 73] .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000730f127d 2 bytes CALL 764714c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000730f1310 2 bytes CALL 764714c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000730f13a8 2 bytes [0F, 73] .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000730f1422 2 bytes [0F, 73] .text C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe[5920] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000730f1498 2 bytes [0F, 73] .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b11401 2 bytes JMP 7649b21b C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b11419 2 bytes JMP 7649b346 C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 
0000000074b11431 2 bytes JMP 76518fd1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b1144a 2 bytes CALL 7647489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b114dd 2 bytes JMP 765188c4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b114f5 2 bytes JMP 76518aa0 C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b1150d 2 bytes JMP 765187ba C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b11525 2 bytes JMP 76518b8a C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b1153d 2 bytes JMP 7648fca8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b11555 2 bytes JMP 764968ef C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b1156d 2 bytes JMP 76519089 C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b11585 2 bytes JMP 76518bea C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b1159d 2 bytes JMP 7651877e C:\Windows\syswow64\kernel32.dll .text 
D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b115b5 2 bytes JMP 7648fd41 C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b115cd 2 bytes JMP 7649b2dc C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b116b2 2 bytes JMP 76518f4c C:\Windows\syswow64\kernel32.dll .text D:\Programy\CodeBlock\CodeBlocks\codeblocks.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b116bd 2 bytes JMP 76518713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9da60 5 bytes JMP 0000000000070480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9dab0 5 bytes JMP 0000000000070470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9dc10 5 bytes JMP 0000000000070360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9dc60 5 bytes JMP 0000000000070490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9dc70 5 bytes JMP 00000000000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9dd20 5 bytes JMP 0000000000070310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9dd50 5 bytes JMP 00000000000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
0000000076d9dd70 5 bytes JMP 0000000000070380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9ddb0 5 bytes JMP 00000000000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9de30 1 byte JMP 00000000000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076d9de32 3 bytes {JMP 0xffffffff892d2490} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9de50 5 bytes JMP 0000000000070300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9de90 5 bytes JMP 00000000000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9ded0 5 bytes JMP 0000000000070440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9dee0 5 bytes JMP 00000000000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9e040 5 bytes JMP 0000000000070220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9e200 5 bytes JMP 00000000000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9e230 5 bytes JMP 0000000000070390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9e310 5 bytes JMP 00000000000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9e320 5 bytes JMP 0000000000070340 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9e380 5 bytes JMP 0000000000070280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9e410 1 byte JMP 00000000000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076d9e412 3 bytes {JMP 0xffffffff892d1e90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9e430 1 byte JMP 00000000000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076d9e432 3 bytes {JMP 0xffffffff892d1f90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9e440 5 bytes JMP 0000000000070320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9e4b0 5 bytes JMP 0000000000070410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9e4e0 5 bytes JMP 0000000000070230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9e680 5 bytes JMP 00000000000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9e7a0 5 bytes JMP 00000000000701d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9e860 5 bytes JMP 0000000000070240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9e890 5 bytes JMP 00000000000704b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9e8a0 5 bytes JMP 00000000000704c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9e8d0 5 bytes JMP 00000000000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9e8e0 5 bytes JMP 0000000000070350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9e940 5 bytes JMP 0000000000070290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9e990 5 bytes JMP 00000000000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9e9c0 5 bytes JMP 0000000000070370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9e9d0 5 bytes JMP 0000000000070330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ecc0 5 bytes JMP 0000000000070460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9ee20 5 bytes JMP 0000000000070420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9eec0 1 byte JMP 0000000000070250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076d9eec2 3 bytes {JMP 0xffffffff892d1390} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9eed0 1 byte JMP 0000000000070260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076d9eed2 3 
bytes {JMP 0xffffffff892d1390} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9eee0 5 bytes JMP 0000000000070400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9f0a0 5 bytes JMP 00000000000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9f0b0 5 bytes JMP 0000000000070200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9f120 5 bytes JMP 00000000000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9f180 5 bytes JMP 0000000000070430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9f190 5 bytes JMP 0000000000070450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9f1a0 5 bytes JMP 0000000000070210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9f280 5 bytes JMP 0000000000070270 ---- Registry - GMER 2.2 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ShastaMan\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1 ---- Files - GMER 2.2 ---- File C:\Program Files (x86)\Steam\appcache\appinfo.vdf (size mismatch) 1584166/1588681 bytes executable ---- EOF - GMER 2.2 ----