GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-11 13:32:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKX-003CA0 rev.15.01H15 465,76GB
Running: yxctwjfu.exe; Driver: C:\Users\UZYTKO~1\AppData\Local\Temp\axlcyaoc.sys

---- User code sections - GMER 2.1 ----
C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 3 bytes JMP 0000000100060470 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 4 00000000774dde84 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 3 bytes JMP 00000001000603e0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 00000000774dde94 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 3 bytes JMP 0000000100060320 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 00000000774ddf44 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 3 bytes JMP 00000001000603b0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 00000000774ddf74 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 3 bytes JMP 0000000100060390 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 00000000774ddf94 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 3 bytes JMP 00000001000602e0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 4 00000000774ddfd4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 3 bytes JMP 00000001000602d0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 4 00000000774de054 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 3 bytes JMP 0000000100060310 .text C:\Windows\system32\nvvsvc.exe[772] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 00000000774de074 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 3 bytes JMP 00000001000603c0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 00000000774de0b4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 3 bytes JMP 00000001000603f0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 00000000774de104 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 3 bytes JMP 0000000100060230 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 4 00000000774de264 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 3 bytes JMP 0000000100060480 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000774de424 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 3 bytes JMP 00000001000603a0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 00000000774de454 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 3 bytes JMP 00000001000602f0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair + 4 00000000774de534 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 3 bytes JMP 0000000100060350 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 4 00000000774de544 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 3 bytes JMP 0000000100060290 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 00000000774de5a4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 3 bytes JMP 00000001000602b0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 4 00000000774de634 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 3 bytes JMP 00000001000603d0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 00000000774de654 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 3 bytes JMP 0000000100060330 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 4 00000000774de664 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 3 bytes JMP 0000000100060410 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 4 00000000774de6d4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 3 bytes JMP 0000000100060240 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 4 00000000774de704 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 3 bytes JMP 00000001000601e0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 00000000774de9c4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 3 bytes JMP 0000000100060250 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 4 00000000774dea84 1 
byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 3 bytes JMP 0000000100060490 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 4 00000000774deab4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 3 bytes JMP 00000001000604a0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 4 00000000774deac4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 3 bytes JMP 0000000100060300 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair + 4 00000000774deaf4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 3 bytes JMP 0000000100060360 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 4 00000000774deb04 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 3 bytes JMP 00000001000602a0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 4 00000000774deb64 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 3 bytes JMP 00000001000602c0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 4 00000000774debb4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 3 bytes JMP 0000000100060380 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 4 00000000774debe4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 3 bytes JMP 0000000100060340 .text C:\Windows\system32\nvvsvc.exe[772] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 4 00000000774debf4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 3 bytes JMP 0000000100060440 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 4 00000000774deee4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 3 bytes JMP 0000000100060260 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 4 00000000774df0e4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 3 bytes JMP 0000000100060270 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 4 00000000774df0f4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 3 bytes JMP 0000000100060400 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 00000000774df104 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 3 bytes JMP 00000001000601f0 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 00000000774df2c4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 3 bytes JMP 0000000100060210 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState + 4 00000000774df2d4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 3 bytes JMP 0000000100060200 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem + 4 00000000774df344 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 
00000000774df3a0 3 bytes JMP 0000000100060420 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 4 00000000774df3a4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 3 bytes JMP 0000000100060430 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 00000000774df3b4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 3 bytes JMP 0000000100060220 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 00000000774df3c4 1 byte [88] .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 3 bytes JMP 0000000100060280 .text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 4 00000000774df4a4 1 byte [88] .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text 
C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text 
C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\System32\svchost.exe[936] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\System32\svchost.exe[972] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 
0000000077640290 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\System32\svchost.exe[972] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 
0000000077640370 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\svchost.exe[1004] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes 
JMP 00000000776402c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\svchost.exe[112] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 
00000000776403a0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\svchost.exe[112] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 
.text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\AUDIODG.EXE[372] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 
5 bytes JMP 0000000077640300 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\AUDIODG.EXE[372] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\AUDIODG.EXE[372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 
00000000776403f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\svchost.exe[1088] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 
bytes JMP 0000000077640420 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 
00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text 
C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\nvvsvc.exe[1192] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 
bytes JMP 0000000077640360 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\nvvsvc.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\nvvsvc.exe[1192] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\Dwm.exe[1476] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text 
C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 
.text C:\Windows\system32\Dwm.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\Explorer.EXE[1504] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\Explorer.EXE[1504] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\Explorer.EXE[1504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 
00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text 
C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\System32\spoolsv.exe[1532] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 
0000000077640430 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1576] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
00000000774deab0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000100070200 .text 
C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\taskhost.exe[1596] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 
00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text 
C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\taskhost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes 
JMP 00000000776402c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2100] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000770c8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\svchost.exe[2308] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text 
C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 
00000000776402c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074d917fa 2 bytes CALL 770c11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074d91860 2 bytes CALL 770c11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074d91942 2 bytes JMP 77077089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074d9194d 2 bytes JMP 7707cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000000021401 2 bytes JMP 770eb1ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000000021419 2 bytes JMP 770eb31a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000000021431 2 bytes JMP 77168f09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000000002144a 2 bytes CALL 770c4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000000214dd 2 bytes JMP 77168802 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000000214f5 2 bytes JMP 771689d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000000002150d 2 bytes JMP 771686f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000000021525 2 bytes JMP 77168ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000000002153d 2 bytes JMP 770dfc78 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000000021555 2 bytes JMP 770e68bf C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000000002156d 2 bytes JMP 77168fc1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000000021585 2 bytes JMP 77168b22 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000000002159d 2 bytes JMP 771686bc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000000215b5 2 bytes JMP 770dfd11 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000000215cd 2 bytes JMP 770eb2b0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000000216b2 2 bytes JMP 77168e84 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000000216bd 2 bytes JMP 77168651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 
00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text 
C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\svchost.exe[2592] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\svchost.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 
00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 
00000000776402b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 
00000000776402d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 
0000000077640280 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes 
JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[3752] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000100070200 .text 
C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text 
C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\SearchProtocolHost.exe[148] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\SearchProtocolHost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text 
C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\system32\svchost.exe[5072] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 
0000000077640340 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\system32\svchost.exe[5072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Windows\System32\svchost.exe[3576] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 
00000000774de540 5 bytes JMP 0000000077640350 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text 
C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220 .text C:\Windows\System32\svchost.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774ddc80 5 bytes JMP 0000000077640460 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774ddcd0 5 bytes JMP 0000000077640450 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774dde30 5 bytes JMP 0000000077640370 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774dde80 5 bytes JMP 0000000077640470 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774dde90 5 bytes JMP 00000000776403e0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774ddf40 5 bytes JMP 0000000077640320 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf70 5 bytes JMP 00000000776403b0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774ddf90 5 bytes JMP 0000000077640390 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774ddfd0 5 bytes JMP 00000000776402e0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774de050 5 bytes JMP 00000000776402d0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774de070 5 bytes JMP 0000000077640310 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774de0b0 5 bytes JMP 00000000776403c0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774de100 5 bytes JMP 00000000776403f0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774de260 5 bytes JMP 0000000077640230 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774de420 5 bytes JMP 0000000077640480 .text 
C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774de450 5 bytes JMP 00000000776403a0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774de530 5 bytes JMP 00000000776402f0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774de540 5 bytes JMP 0000000077640350 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774de5a0 5 bytes JMP 0000000077640290 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774de630 5 bytes JMP 00000000776402b0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de650 5 bytes JMP 00000000776403d0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774de660 5 bytes JMP 0000000077640330 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774de6d0 5 bytes JMP 0000000077640410 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774de700 5 bytes JMP 0000000077640240 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774de9c0 5 bytes JMP 00000000776401e0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774dea80 5 bytes JMP 0000000077640250 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774deab0 5 bytes JMP 0000000077640490 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774deac0 5 bytes JMP 00000000776404a0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774deaf0 5 bytes JMP 0000000077640300 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774deb00 5 bytes JMP 0000000077640360 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774deb60 5 bytes JMP 00000000776402a0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774debb0 5 bytes JMP 00000000776402c0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774debe0 5 bytes JMP 0000000077640380 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774debf0 5 bytes JMP 0000000077640340 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774deee0 5 bytes JMP 0000000077640440 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774df0e0 5 bytes JMP 0000000077640260 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774df0f0 5 bytes JMP 0000000077640270 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df100 5 bytes JMP 0000000077640400 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774df2c0 5 bytes JMP 00000000776401f0 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774df2d0 5 bytes JMP 0000000077640210 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774df340 5 bytes JMP 0000000077640200 .text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774df3a0 5 bytes JMP 0000000077640420 
.text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774df3b0 5 bytes JMP 0000000077640430
.text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774df3c0 5 bytes JMP 0000000077640220
.text C:\Users\Uzytkownik\Downloads\FRST64.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774df4a0 5 bytes JMP 0000000077640280

---- User IAT/EAT - GMER 2.1 ----
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef31b741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef31b5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef31b5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef31b5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef31b7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef31b6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef31b6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef31b7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef31b7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef31b78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef31b4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef31b5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2656] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef31b7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [2592:2716] 000007fef3133438
Thread C:\Windows\system32\svchost.exe [2592:2760] 000000000118b610
Thread C:\Windows\system32\svchost.exe [2592:2764] 00000000011835f0
Thread C:\Windows\system32\svchost.exe [2592:2768] 0000000180004b00
Thread C:\Windows\System32\svchost.exe [3576:1308] 000007feeec19688
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [4656:388] 00000000708e876d
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [4656:4664] 000000005d85314d

---- Processes - GMER 2.1 ----
Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1504] (GG drive overlay/GG Network S.A.)(2013-04-05 13:57:05) 000000005c080000
Library c:\users\uzytko~1\appdata\local\temp\7zs4604\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [5072] (HP Network Devices Support/Hewlett-Packard Co.)(2013-06-17 20:45:06) 0000000180000000

---- EOF - GMER 2.1 ----