GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-23 09:42:49 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB Running: 6p8dxiqo.exe; Driver: C:\Users\PAWE~1\AppData\Local\Temp\pxtdrpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960000f5200 15 bytes [00, 65, F4, 01, 80, 7D, 6A, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17 fffff960000f5211 10 bytes [F3, FB, FF, 00, 17, C7, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\System32\smss.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\csrss.exe[612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\wininit.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\csrss.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\winlogon.exe[732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\services.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\lsass.exe[792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\svchost.exe[864] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\svchost.exe[904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8c0d28c0 7 bytes JMP 00007ffd8bd80260 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8c0d43d8 7 bytes JMP 00007ffd8bd80298 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8c181f20 7 bytes JMP 00007ffd8bd80308 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8c1840b4 7 bytes JMP 00007ffd8bd80340 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8c184510 7 bytes JMP 00007ffd8bd802d0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8c1acea0 7 bytes JMP 00007ffd8bd801f0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8c1acf10 7 bytes JMP 00007ffd8bd80228 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc8bd92300 7 bytes JMP 00007ffd8bd800d8 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffc8bd95770 5 bytes JMP 00007ffd8bd80180 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc8bd95860 5 bytes JMP 00007ffd8bd80148 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc8bd95a30 5 bytes JMP 00007ffd8bd80110 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc8be0a3f0 5 bytes JMP 00007ffd8bd801b8 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffc8bef7834 10 bytes JMP 00007ffd8bd80420 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffc8befb4d0 5 bytes JMP 00007ffd8bd803b0 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffc8befc6d8 5 bytes JMP 00007ffd8bd803e8 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc8befc8fc 5 bytes JMP 00007ffd8bd80458 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc8befe39c 9 bytes JMP 00007ffd8bd80378 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc8e221500 1 byte JMP 00007ffd8bd80490 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc8e221502 6 bytes {JMP 0xfffffffffdb5ef90} .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc8e221750 8 bytes JMP 00007ffd8bd804c8 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffc899e7a88 5 bytes JMP 00007ffd89880110 .text C:\WINDOWS\system32\dwm.exe[1012] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffc899f4990 5 bytes JMP 00007ffd898800d8 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\nvvsvc.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc8df6169a 4 bytes [F6, 8D, FC, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc8df616a2 4 bytes [F6, 8D, FC, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc8df6181a 4 bytes [F6, 8D, FC, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[780] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc8df61832 4 bytes [F6, 8D, FC, 7F] .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\System32\svchost.exe[600] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\svchost.exe[1260] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\System32\svchost.exe[1352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\svchost.exe[1472] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\System32\spoolsv.exe[1960] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\svchost.exe[1984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\Elantech\ETDService.exe[2220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2256] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\dashost.exe[2264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[2332] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\CyberLink\Shared files\RichVideo64.exe[1680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\svchost.exe[2988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[3084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\conhost.exe[3160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\svchost.exe[3576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Windows\System32\WUDFHost.exe[3624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\System32\svchost.exe[3956] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\DllHost.exe[3320] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\conhost.exe[4772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\Elantech\ETDCtrl.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5060] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\Explorer.EXE[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\Elantech\ETDIntelligent.exe[5108] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\DllHost.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\SearchIndexer.exe[3296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Windows\System32\hkcmd.exe[3552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Windows\System32\rundll32.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Windows\RTFTrack.exe[4388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5228] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\wbem\unsecapp.exe[5924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8c0d28c0 7 bytes JMP 00007ffd8bd80260 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8c0d43d8 7 bytes JMP 00007ffd8bd80298 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8c181f20 7 bytes JMP 00007ffd8bd80308 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8c1840b4 7 bytes JMP 00007ffd8bd80340 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8c184510 7 bytes JMP 00007ffd8bd802d0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8c1acea0 7 bytes JMP 00007ffd8bd801f0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8c1acf10 7 bytes JMP 00007ffd8bd80228 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc8bd92300 7 bytes JMP 00007ffd8bd800d8 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffc8bd95770 5 bytes JMP 00007ffd8bd80180 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc8bd95860 5 bytes JMP 00007ffd8bd80148 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc8bd95a30 5 bytes JMP 00007ffd8bd80110 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc8be0a3f0 5 bytes JMP 00007ffd8bd801b8 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffc8bef7834 10 bytes JMP 00007ffd8bd80420 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffc8befb4d0 5 bytes JMP 00007ffd8bd803b0 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffc8befc6d8 5 bytes JMP 00007ffd8bd803e8 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc8befc8fc 5 bytes JMP 00007ffd8bd80458 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc8befe39c 9 bytes JMP 00007ffd8bd80378 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc8e221500 1 byte JMP 00007ffd8bd80490 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc8e221502 6 bytes {JMP 0xfffffffffdb5ef90} .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc8e221750 8 bytes JMP 00007ffd8bd804c8 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\dxgi.dll!CreateDXGIFactory1 00007ffc899e7a88 5 bytes JMP 00007ffd89880110 .text C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe[1096] C:\WINDOWS\SYSTEM32\dxgi.dll!CreateDXGIFactory 00007ffc899f4990 5 bytes JMP 00007ffd898800d8 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc8e70adb0 5 bytes JMP 00007ffd0e830460 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc8e70ae00 5 bytes JMP 00007ffd0e830450 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc8e70af60 5 bytes JMP 00007ffd0e830370 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc8e70afb0 5 bytes JMP 00007ffd0e830470 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc8e70afc0 5 bytes JMP 00007ffd0e8303e0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc8e70b070 5 bytes JMP 00007ffd0e830320 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc8e70b0a0 5 bytes JMP 00007ffd0e8303b0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc8e70b0c0 5 bytes JMP 00007ffd0e830390 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc8e70b100 5 bytes JMP 00007ffd0e8302e0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc8e70b180 5 bytes JMP 00007ffd0e8302d0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc8e70b1a0 5 bytes JMP 00007ffd0e830310 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc8e70b1e0 5 bytes JMP 00007ffd0e8303c0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc8e70b230 5 bytes JMP 00007ffd0e8303f0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc8e70b390 5 bytes JMP 00007ffd0e830230 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc8e70b580 5 bytes JMP 00007ffd0e830480 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc8e70b5b0 5 bytes JMP 00007ffd0e8303a0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc8e70b6d0 5 bytes JMP 00007ffd0e8302f0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc8e70b6f0 5 bytes JMP 00007ffd0e830350 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc8e70b760 5 bytes JMP 00007ffd0e830290 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc8e70b7f0 5 bytes JMP 00007ffd0e8302b0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc8e70b810 5 bytes JMP 00007ffd0e8303d0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc8e70b820 5 bytes JMP 00007ffd0e830330 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc8e70b8d0 5 bytes JMP 00007ffd0e830410 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc8e70b900 5 bytes JMP 00007ffd0e830240 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc8e70bc20 5 bytes JMP 00007ffd0e8301e0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc8e70bce0 5 bytes JMP 00007ffd0e830250 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc8e70bd10 5 bytes JMP 00007ffd0e830490 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc8e70bd20 5 bytes JMP 00007ffd0e8304a0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc8e70bd50 5 bytes JMP 00007ffd0e830300 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc8e70bd60 5 bytes JMP 00007ffd0e830360 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc8e70bdc0 5 bytes JMP 00007ffd0e8302a0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc8e70be10 5 bytes JMP 00007ffd0e8302c0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc8e70be40 5 bytes JMP 00007ffd0e830380 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc8e70be50 5 bytes JMP 00007ffd0e830340 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc8e70c160 5 bytes JMP 00007ffd0e830440 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc8e70c360 5 bytes JMP 00007ffd0e830260 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc8e70c370 5 bytes JMP 00007ffd0e830270 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc8e70c390 5 bytes JMP 00007ffd0e830400 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc8e70c570 5 bytes JMP 00007ffd0e8301f0 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc8e70c580 1 byte JMP 00007ffd0e830210 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 2 00007ffc8e70c582 3 bytes {JMP 0xffffffff80123c90} .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc8e70c610 5 bytes JMP 00007ffd0e830200 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc8e70c680 5 bytes JMP 00007ffd0e830420 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc8e70c690 5 bytes JMP 00007ffd0e830430 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc8e70c6a0 5 bytes JMP 00007ffd0e830220 .text C:\WINDOWS\system32\DllHost.exe[4088] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc8e70c7b0 5 bytes JMP 00007ffd0e830280 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\Explorer.EXE[USER32.dll!DeferWindowPos] [7ffc7f191de0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\Explorer.EXE[USER32.dll!SetWindowPos] [7ffc7f191c20] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\Explorer.EXE[USER32.dll!EndPaint] [7ffc7f191f90] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\Explorer.EXE[USER32.dll!MoveWindow] [7ffc7f191a80] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!DeferWindowPos] [7ffc7f191de0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!SetWindowPos] [7ffc7f191c20] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!MoveWindow] [7ffc7f191a80] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!EndPaint] [7ffc7f191f90] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[USER32.dll!SetWindowPos] [7ffc7f191c20] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\SYSTEM32\TWINAPI.dll[USER32.dll!SetWindowPos] [7ffc7f191c20] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\SYSTEM32\dxgi.dll[USER32.dll!SetWindowPos] [7ffc7f191c20] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\IMM32.DLL[USER32.dll!EndPaint] [7ffc7f191f90] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\IMM32.DLL[USER32.dll!SetWindowPos] [7ffc7f191c20] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\MSCTF.dll[USER32.dll!MoveWindow] [7ffc7f191a80] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\MSCTF.dll[USER32.dll!EndPaint] [7ffc7f191f90] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\WINDOWS\Explorer.EXE[5100] @ C:\WINDOWS\system32\MSCTF.dll[USER32.dll!SetWindowPos] [7ffc7f191c20] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [688:712] fffff960008f7b90 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----